Query: objectstorage_bucket_write_logging_enabled
Usage
powerpipe query oci_compliance.query.objectstorage_bucket_write_logging_enabled
SQL
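-- Checks that every Object Storage bucket has an enabled, ACTIVE write-access
-- log in OCI Logging. Emits one row per bucket in the usual control shape
-- (resource, status, reason) plus the region / tenant / compartment dimensions.
--
-- Several logs can reference the same bucket (for example an old, disabled log
-- next to a newer active one). A plain left join would then emit one control
-- row per log and report the same bucket as both 'ok' and 'alarm', so the
-- candidate logs are ranked per bucket and only the best match is kept.
with bucket_logs as (
  -- Logging logs whose source is Object Storage and whose category looks like
  -- a write-access category. Only the columns used downstream are kept.
  select
    configuration -> 'source' ->> 'resource' as bucket_identifier,
    lifecycle_state,
    title as log_name,
    log_group_id,
    is_enabled
  from oci_logging_log
  where configuration -> 'source' ->> 'service' = 'objectstorage'
    and configuration -> 'source' ->> 'category' ilike '%write%'
),
ranked_bucket_logs as (
  -- Pair each bucket with its candidate write logs. The log source's
  -- 'resource' field is accepted in any of the identifier forms listed in the
  -- join; the left join keeps buckets with no matching log (bl.* is null).
  select
    b.id,
    b.title,
    b.region,
    b.tenant_name,
    b.compartment_id,
    bl.is_enabled,
    bl.lifecycle_state,
    bl.log_name,
    bl.log_group_id,
    -- Enabled + ACTIVE logs rank first so a compliant log wins over a stale
    -- one. 'nulls last' matters: with 'desc' Postgres sorts nulls first by
    -- default, which would let the no-log row beat a real log.
    row_number() over (
      partition by b.id
      order by
        (bl.is_enabled and lower(coalesce(bl.lifecycle_state, '')) = 'active') desc nulls last,
        bl.is_enabled desc nulls last,
        bl.log_name
    ) as log_rank
  from oci_objectstorage_bucket b
  left join bucket_logs bl
    on bl.bucket_identifier in (
      b.id,
      b.name,
      format('%s/%s', b.namespace, b.name),
      format('%s_write', b.name)
    )
)
select
  m.id as resource,
  case
    when m.is_enabled and lower(coalesce(m.lifecycle_state, '')) = 'active' then 'ok'
    else 'alarm'
  end as status,
  case
    when m.is_enabled and lower(coalesce(m.lifecycle_state, '')) = 'active'
      then m.title || ' write access logging enabled in log group ' || coalesce(g.display_name, m.log_group_id, 'unknown') || ' (log: ' || coalesce(m.log_name, 'unknown') || ').'
    -- No log joined at all: every bl.* column, including log_group_id, is null.
    when m.log_group_id is null
      then m.title || ' write access logging disabled (no write log configured).'
    when not coalesce(m.is_enabled, false)
      then m.title || ' write access logging log exists but disabled.'
    else m.title || ' write access logging log lifecycle state ' || coalesce(m.lifecycle_state, 'unknown') || '.'
  end as reason,
  m.region as region,
  m.tenant_name as tenant,
  -- A bucket whose compartment has no row in oci_identity_compartment is
  -- reported under 'root'.
  coalesce(c.name, 'root') as compartment
from ranked_bucket_logs m
left join oci_logging_log_group g on g.id = m.log_group_id
left join oci_identity_compartment c on c.id = m.compartment_id
-- One row per bucket: keep only the best-ranked candidate log.
where m.log_rank = 1;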
Controls
The query is being used by the following controls: