turbot/steampipe-mod-terraform-azure-compliance

Control: Azure Monitor log profile should collect logs for categories 'write', 'delete' and 'action'

Description

This policy ensures that a log profile collects logs for categories 'write', 'delete' and 'action'.

Usage

Run the control in your terminal:

powerpipe control run terraform_azure_compliance.control.monitor_log_profile_enabled_for_all_categories

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run terraform_azure_compliance.control.monitor_log_profile_enabled_for_all_categories --share

SQL

This control uses a named query:

select
address as resource,
case
when (attributes_std -> 'categories') @> '["Write", "Action", "Delete"]' then 'ok'
else 'alarm'
end status,
split_part(address, '.', 2) || case
when (attributes_std -> 'categories') @> '["Write", "Action", "Delete"]' then ' collects logs for categories write, delete and action'
else ' does not collects logs for all categories.'
end || '.' reason
, path || ':' || start_line
from
terraform_resource
where
type = 'azurerm_monitor_log_profile';

Tags