turbot/terraform_azure_compliance

Query: keyvault_managed_hms_logging_enabled

Usage

powerpipe query terraform_azure_compliance.query.keyvault_managed_hms_logging_enabled

Steampipe Tables

SQL

with hsm_key_vaults as (
select
*
from
terraform_resource
where
type = 'azurerm_key_vault_managed_hardware_security_module'
), diagnostic_setting as (
select
*
from
terraform_resource
where
type = 'azurerm_monitor_diagnostic_setting'
and (attributes_std ->> 'target_resource_id') like '%azurerm_key_vault_managed_hardware_security_module.%'
), hsm_key_vaults_logging as (
select
kv.name as kv_name
from
hsm_key_vaults as kv
left join diagnostic_setting as ds on kv.name = (split_part((ds.attributes_std ->> 'target_resource_id'), '.', 2))
where
(ds.attributes_std ->> 'storage_account_id') is not null
and (ds.attributes_std -> 'log' ->> 'category')::text = 'AuditEvent'
and (ds.attributes_std -> 'log' ->> 'enabled')::boolean
and (ds.attributes_std -> 'log' -> 'retention_policy' ->> 'enabled')::boolean
)
select
type || ' ' || a.name as resource,
case
when s.kv_name is null then 'alarm'
else 'ok'
end as status,
split_part(a.address, '.', 2) || case
when s.kv_name is null then ' logging disabled'
else ' logging enabled'
end || '.' reason
, a.path || ':' || a.start_line
from
hsm_key_vaults as a
left join hsm_key_vaults_logging as s on a.name = s.kv_name;

Controls

The query is being used by the following controls: