Query: vcn_default_security_group_allow_icmp_only
Usage
steampipe query terraform_oci_compliance.query.vcn_default_security_group_allow_icmp_only
Plugins & Tables
SQL
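-- Reports every Terraform `oci_core_security_list` resource as 'alarm' when at
-- least one of its ingress rules uses a protocol other than '1' (the value the
-- reason text treats as ICMP), and as 'ok' otherwise.
--
-- Review notes for anyone relying on this as a control:
--   * Only `ingress_security_rules` is inspected; egress rules are not evaluated.
--   * A security list that declares no ingress rules is reported 'ok'.
--   * Any protocol value other than '1' (including 'all') raises the alarm.
--   * NOTE(review): the query name refers to the *default* security list, but the
--     filter matches every `oci_core_security_list` and does not match
--     `oci_core_default_security_list` resources; confirm the intended coverage.
with all_security_rules as (
  select
    type,
    name,
    arguments,
    path,
    start_line
  from
    terraform_resource
  where
    type = 'oci_core_security_list'
),
non_compliant as (
  -- One row per security list that has at least one non-ICMP ingress rule.
  -- Keyed by (path, name): Terraform resource names are only unique within a
  -- module, so grouping on name alone would merge same-named lists from
  -- different files and flag a clean list because of another one's rules.
  select
    s.path,
    s.name,
    count(*) as rule_count
  from
    all_security_rules as s
    cross join lateral jsonb_array_elements(
      -- Repeated blocks parse to a JSON array; a single block parses to an
      -- object and is handled by the direct lookup in `evaluated` below.
      case jsonb_typeof(s.arguments -> 'ingress_security_rules')
        when 'array' then s.arguments -> 'ingress_security_rules'
        else null
      end
    ) as ingress_rule
  where
    ingress_rule ->> 'protocol' != '1'
  group by
    s.path,
    s.name
),
evaluated as (
  -- Compute the verdict once so status and reason cannot drift apart.
  select
    a.type,
    a.name,
    a.path,
    a.start_line,
    (
      b.rule_count > 0
      or (a.arguments -> 'ingress_security_rules' ->> 'protocol' != '1')
    ) as has_non_icmp_ingress
  from
    all_security_rules as a
    left join non_compliant as b
      on a.path = b.path
      and a.name = b.name
)
select
  type || ' ' || name as resource,
  -- A NULL verdict (no ingress rules found) falls through to 'ok'.
  case
    when has_non_icmp_ingress then 'alarm'
    else 'ok'
  end as status,
  name || case
    when has_non_icmp_ingress then ' configured with non ICMP ports'
    else ' configured with ICMP ports only'
  end || '.' as reason,
  path || ':' || start_line
from
  evaluated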
Controls
The query is being used by the following controls: