turbot/steampipe-mod-terraform-oci-compliance

Control: Ensure Network Security Group has stateless ingress security rules

Description

This control evaluates every oci_core_network_security_group_security_rule resource in the scanned Terraform files. OCI security rules are stateful unless the rule sets stateless = true, so an ingress rule (direction = "INGRESS") that omits stateless, or sets it to false, is reported as alarm. Egress rules, and rules with no direction set, are outside the scope of the check and are reported as info. Note that a stateless ingress rule does not track connection state, so the response traffic it would otherwise implicitly allow has to be permitted by a matching egress rule.

Usage

Run the control in your terminal:

powerpipe control run terraform_oci_compliance.control.vcn_security_group_has_stateless_ingress_security_rules

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run terraform_oci_compliance.control.vcn_security_group_has_stateless_ingress_security_rules --share

SQL

This control uses a named query:

select
  address as resource,
  case
    -- an ingress rule is stateful unless stateless is explicitly true
    when (attributes_std ->> 'direction' = 'INGRESS')
      and (attributes_std ->> 'stateless' is null or (attributes_std ->> 'stateless')::bool is not true) then 'alarm'
    -- egress rules, and rules with no direction set, are out of scope
    when (attributes_std ->> 'direction' is null) or (attributes_std ->> 'direction' <> 'INGRESS') then 'info'
    else 'ok'
  end as status,
  -- each row is a single rule resource, so the reason describes that rule
  split_part(address, '.', 2) || case
    when (attributes_std ->> 'direction' = 'INGRESS')
      and (attributes_std ->> 'stateless' is null or (attributes_std ->> 'stateless')::bool is not true) then ' is not a stateless ingress security rule'
    when (attributes_std ->> 'direction' is null) or (attributes_std ->> 'direction' <> 'INGRESS') then ' is not an ingress security rule'
    else ' is a stateless ingress security rule'
  end || '.' as reason
  , path || ':' || start_line
from
  terraform_resource
where
  type = 'oci_core_network_security_group_security_rule';
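The following Terraform configuration is an added example, not part of the mod or its test fixtures. It shows one rule for each status the query above can return: an ingress rule with stateless omitted (alarm), the same rule with stateless = true (ok), and the egress rule that a stateless ingress rule needs for its response traffic (info, since egress is out of scope). The variable web_nsg_id and the CIDR/port values are placeholders chosen for the example.

```hcl
# Added example, not the mod's own code. The NSG OCID is passed in as a
# variable so the file stands alone; in a real module it would usually be
# oci_core_network_security_group.<name>.id.
variable "web_nsg_id" {
  description = "OCID of the NSG the rules are attached to (placeholder)"
  type        = string
}

# status = alarm: ingress rule with stateless omitted. OCI treats the rule
# as stateful, so the control reports it.
resource "oci_core_network_security_group_security_rule" "https_ingress_stateful" {
  network_security_group_id = var.web_nsg_id
  direction                 = "INGRESS"
  protocol                  = "6" # TCP
  source                    = "0.0.0.0/0"
  source_type               = "CIDR_BLOCK"

  tcp_options {
    destination_port_range {
      min = 443
      max = 443
    }
  }
}

# status = ok: the same ingress rule with stateless set explicitly.
resource "oci_core_network_security_group_security_rule" "https_ingress_stateless" {
  network_security_group_id = var.web_nsg_id
  direction                 = "INGRESS"
  protocol                  = "6"
  source                    = "0.0.0.0/0"
  source_type               = "CIDR_BLOCK"
  stateless                 = true

  tcp_options {
    destination_port_range {
      min = 443
      max = 443
    }
  }
}

# status = info: egress is outside the control's scope. Because the ingress
# rule above is stateless, replies from port 443 are not tracked and must be
# allowed here, matched on the server's source port rather than a
# destination port.
resource "oci_core_network_security_group_security_rule" "https_egress_return" {
  network_security_group_id = var.web_nsg_id
  direction                 = "EGRESS"
  protocol                  = "6"
  destination               = "0.0.0.0/0"
  destination_type          = "CIDR_BLOCK"
  stateless                 = true

  tcp_options {
    source_port_range {
      min = 443
      max = 443
    }
  }
}
```

Point the Steampipe terraform plugin's paths setting at the directory holding this file and run the control from Usage above; the first resource should appear as alarm, the second as ok and the third as info, with the reason column naming each resource by its Terraform name (the second segment of the address).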

Tags