Table: alicloud_oss_bucket
An OSS bucket is the container used to store objects. All objects are contained in buckets. You can configure a variety of bucket properties such as the region, ACL, and storage class. You can create buckets of different storage classes to store data based on your requirements.
Examples
List of buckets where versioning is not enabled
```sql
select
  name,
  arn,
  region,
  account_id,
  versioning
from
  alicloud_oss_bucket
where
  versioning <> 'Enabled';
```
List of buckets which do not have default encryption enabled
```sql
select
  name,
  server_side_encryption
from
  alicloud_oss_bucket
where
  server_side_encryption ->> 'SSEAlgorithm' = '';
```
List of buckets where public access to bucket is not blocked
```sql
select
  name,
  acl
from
  alicloud_oss_bucket
where
  acl <> 'private';
```
List of buckets where server access logging destination is same as the source bucket
```sql
select
  name,
  logging ->> 'TargetBucket' as target_bucket
from
  alicloud_oss_bucket
where
  logging ->> 'TargetBucket' = name;
```
List of buckets without owner tag key
```sql
select
  name,
  tags
from
  alicloud_oss_bucket
where
  tags ->> 'owner' is null;
```
List of Bucket policy statements that grant external access
```sql
select
  title,
  p as principal,
  a as action,
  s ->> 'Effect' as effect,
  s -> 'Condition' as conditions
from
  alicloud_oss_bucket,
  jsonb_array_elements(policy -> 'Statement') as s,
  jsonb_array_elements_text(s -> 'Principal') as p,
  jsonb_array_elements_text(s -> 'Action') as a
where
  s ->> 'Effect' = 'Allow'
  and (
    p != account_id
    or p = '*'
  );
```
List of buckets with no lifecycle policy
```sql
select
  name,
  arn,
  region,
  account_id,
  lifecycle_rules
from
  alicloud_oss_bucket
where
  lifecycle_rules is null;
```
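The individual checks above can be combined into one posture query per bucket. This is an added example, not part of the original page or the plugin's own queries; it uses only columns listed on this page and assumes that an unset value may surface as SQL NULL, an empty string, JSON null or an empty array, cases that a plain `<>` or `=` comparison drops because a comparison with NULL is never true.

```sql
-- Added example: NULL-safe posture summary, one row per bucket with a finding.
with posture as (
  select
    name,
    region,
    account_id,
    -- "is distinct from" treats NULL as a value, so never-configured buckets are flagged
    versioning is distinct from 'Enabled' as versioning_off,
    coalesce(server_side_encryption ->> 'SSEAlgorithm', '') = '' as encryption_off,
    acl is distinct from 'private' as acl_not_private,
    -- access logs written into the bucket they describe
    coalesce(logging ->> 'TargetBucket' = name, false) as logs_to_self,
    tags ->> 'owner' is null as owner_tag_missing,
    -- assumption: an absent lifecycle config may be SQL NULL, JSON null or []
    (lifecycle_rules is null
      or lifecycle_rules in ('null'::jsonb, '[]'::jsonb)) as lifecycle_missing
  from
    alicloud_oss_bucket
)
select
  *,
  versioning_off::int + encryption_off::int + acl_not_private::int
    + logs_to_self::int + owner_tag_missing::int + lifecycle_missing::int as findings
from
  posture
where
  versioning_off
  or encryption_off
  or acl_not_private
  or logs_to_self
  or owner_tag_missing
  or lifecycle_missing
order by
  findings desc,
  name;
```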
Query examples
- action_trails_for_oss_bucket
- bucket_policy_stds_for_oss_bucket
- kms_keys_for_oss_bucket
- oss_bucket_1_year_count
- oss_bucket_24_hours_count
- oss_bucket_30_90_days_count
- oss_bucket_30_days_count
- oss_bucket_90_365_days_count
- oss_bucket_access_type
- oss_bucket_age_table
- oss_bucket_by_account
- oss_bucket_by_creation_month
- oss_bucket_by_region
- oss_bucket_by_storage_class
- oss_bucket_count
- oss_bucket_encrypted_with_byok_count
- oss_bucket_encrypted_with_servcie_key_count
- oss_bucket_encryption
- oss_bucket_https_enforce
- oss_bucket_input
- oss_bucket_lifecycle_policy
- oss_bucket_lifecycle_table
- oss_bucket_logging
- oss_bucket_logging_disabled_count
- oss_bucket_logging_table
- oss_bucket_overview
- oss_bucket_policy
- oss_bucket_public_access_not_blocked_count
- oss_bucket_public_access_table
- oss_bucket_server_side_encryption
- oss_bucket_ssl_not_enforced_count
- oss_bucket_tags_detail
- oss_bucket_unencrypted_count
- oss_bucket_versioning
- oss_bucket_versioning_disabled_count
- oss_buckets_for_kms_key
- source_logging_oss_buckets_for_oss_bucket
- target_logging_oss_buckets_for_oss_bucket
Control examples
- oss_bucket_without_lifecycle_policy
- action_trail_oss_bucket_not_public
- oss_bucket_encrypted_with_byok
- oss_bucket_encrypted_with_servcie_key
- oss_bucket_enforces_ssl
- oss_bucket_logging_enabled
- oss_bucket_public_access_blocked
- oss_bucket_by_default_encryption_status
- oss_bucket_by_logging_status
- oss_bucket_by_public_access_blocked_status
- oss_bucket_by_ssl_enforced_status
- oss_bucket_by_versioning_status
- oss_bucket_encryption_table
.inspect alicloud_oss_bucket
Object Storage Bucket
Name | Type | Description |
---|---|---|
_ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. |
account_id | text | The Alicloud Account ID in which the resource is located. |
acl | text | The access control list (ACL) setting for the bucket. Valid values: public-read-write, public-read, and private. public-read-write: Any user, including anonymous users, can read and write objects in the bucket. Exercise caution when you set the ACL of a bucket to public-read-write. public-read: Only the owner or authorized users of this bucket can write objects in the bucket. Other users, including anonymous users, can only read objects in the bucket. Exercise caution when you set the ACL of a bucket to public-read. private: Only the owner or authorized users of this bucket can read and write objects in the bucket. Other users, including anonymous users, cannot access the objects in the bucket without authorization. |
akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. |
arn | text | The Alibaba Cloud Resource Name (ARN) of the OSS bucket. |
creation_date | timestamp with time zone | Date when the bucket was created. |
lifecycle_rules | jsonb | A list of lifecycle rules for a bucket. |
location | text | Location of the Bucket. |
logging | jsonb | Indicates the container used to store access logging configuration of a bucket. |
name | text | Name of the Bucket. |
policy | jsonb | Allows you to grant permissions on OSS resources to RAM users from your Alibaba Cloud and other Alibaba Cloud accounts. You can also control access based on the request source. |
redundancy_type | text | The type of disaster recovery for a bucket. Valid values: LRS and ZRS. |
region | text | The Alicloud region in which the resource is located. |
server_side_encryption | jsonb | The server-side encryption configuration for the bucket. |
storage_class | text | The storage class of objects in the bucket. |
tags | jsonb | A map of tags for the resource. |
tags_src | jsonb | A list of tags assigned to the bucket. |
title | text | Title of the resource. |
versioning | text | The status of versioning for the bucket. Valid values: Enabled and Suspended. |