turbot/alicloud_compliance
GitHub

Query: action_trail_oss_bucket_not_public

Usage

steampipe query alicloud_compliance.query.action_trail_oss_bucket_not_public

SQL

select
'acs' || ':actiontrail:' || trail.region || ':account_id' || ':actiontrail/' || trail.name as resource,
case
when bucket.acl <> 'private' then 'alarm'
else 'ok'
end as status,
case
when bucket.acl <> 'private' then 'oss bucket ' || bucket.name || ' used to store ActionTrail logs is publicly accessible.'
else 'oss bucket ' || bucket.name || ' used to store ActionTrail logs is not publicly accessible.'
end as reason,
trail.account_id as account_id,
trail.region as region
from
alicloud_action_trail as trail
join alicloud_oss_bucket as bucket on trail.oss_bucket_name = bucket.name;

Controls

The query is being used by the following controls: