turbot/alicloud_compliance

Query: oss_bucket_encrypted_with_servcie_key

Usage

powerpipe query alicloud_compliance.query.oss_bucket_encrypted_with_servcie_key

SQL

select
  'acs:oss:::' || b.name as resource,
  case
    when server_side_encryption ->> 'SSEAlgorithm' = 'KMS'
      and k.creator = 'Oss' then 'ok'
    else 'alarm'
  end as status,
  case
    when server_side_encryption ->> 'SSEAlgorithm' = 'KMS'
      and k.creator = 'Oss' then b.title || ' encrypted with Service Key.'
    else b.title || ' not encrypted with Service Key.'
  end as reason,
  b.account_id as account_id,
  b.region as region
from
  alicloud_oss_bucket b
  left join alicloud_kms_key k on b.server_side_encryption ->> 'KMSMasterKeyID' = k.key_id;

Controls

The query is being used by the following controls: