turbot/alicloud

steampipe plugin install alicloud

Table: alicloud_oss_bucket

An OSS bucket is the container used to store objects. All objects are contained in buckets. You can configure a variety of bucket properties such as the region, ACL, and storage class. You can create buckets of different storage classes to store data based on your requirements.

Examples

List of buckets where versioning is not enabled

select
  name,
  arn,
  region,
  account_id,
  versioning
from
  alicloud_oss_bucket
where
  versioning <> 'Enabled';

List of buckets which do not have default encryption enabled

select
  name,
  server_side_encryption
from
  alicloud_oss_bucket
where
  server_side_encryption ->> 'SSEAlgorithm' = '';

List of buckets where public access is not blocked (bucket ACL is not private)

select
  name,
  acl
from
  alicloud_oss_bucket
where
  acl <> 'private';

List of buckets where the server access logging destination is the same as the source bucket

select
  name,
  logging ->> 'TargetBucket' as target_bucket
from
  alicloud_oss_bucket
where
  logging ->> 'TargetBucket' = name;

List of buckets without an owner tag key

select
  name,
  tags
from
  alicloud_oss_bucket
where
  tags ->> 'owner' is null;

List of bucket policy statements that grant external access

select
  title,
  p as principal,
  a as action,
  s ->> 'Effect' as effect,
  s -> 'Condition' as conditions
from
  alicloud_oss_bucket,
  jsonb_array_elements(policy -> 'Statement') as s,
  jsonb_array_elements_text(s -> 'Principal') as p,
  jsonb_array_elements_text(s -> 'Action') as a
where
  s ->> 'Effect' = 'Allow'
  and (
    p != account_id
    or p = '*'
  );

List of buckets with no lifecycle policy

select
  name,
  arn,
  region,
  account_id,
  lifecycle_rules
from
  alicloud_oss_bucket
where
  lifecycle_rules is null;
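The queries above each surface one misconfiguration at a time. The following query, added here as an illustration and not part of the Steampipe alicloud plugin documentation, combines them into one posture report: one row per bucket, a boolean finding per check, and a count of policy statements that allow a principal outside the bucket's own account. Column names and value meanings come from the alicloud_oss_bucket table documented on this page; the coalesce/is-null handling assumes that an absent setting surfaces as NULL, which the individual queries above do not guard against.

```sql
-- Added example (not from the Steampipe alicloud plugin docs): one row per
-- bucket with a boolean per check, so a single query reports the posture of
-- the whole account. The NULL handling is an assumption about how an unset
-- property surfaces in the table.
with external_statements as (
  -- policy statements that allow a principal other than this account
  select
    b.arn,
    count(*) as external_allow_count
  from
    alicloud_oss_bucket as b,
    jsonb_array_elements(b.policy -> 'Statement') as s,
    jsonb_array_elements_text(s -> 'Principal') as p
  where
    s ->> 'Effect' = 'Allow'
    and (p = '*' or p <> b.account_id)
  group by
    b.arn
)
select
  b.name,
  b.region,
  b.account_id,
  -- NULL versioning means it was never enabled, so treat it as a finding
  coalesce(b.versioning, '') <> 'Enabled' as versioning_disabled,
  -- both an absent SSE block and an empty SSEAlgorithm count as no encryption
  coalesce(b.server_side_encryption ->> 'SSEAlgorithm', '') = '' as encryption_missing,
  coalesce(b.acl, '') <> 'private' as acl_not_private,
  b.logging ->> 'TargetBucket' is null as logging_disabled,
  coalesce(b.logging ->> 'TargetBucket' = b.name, false) as logging_to_self,
  b.lifecycle_rules is null as no_lifecycle_rules,
  b.tags ->> 'owner' is null as owner_tag_missing,
  -- buckets with no policy produce no CTE rows, hence the left join and 0
  coalesce(e.external_allow_count, 0) as external_allow_statements
from
  alicloud_oss_bucket as b
  left join external_statements as e on e.arn = b.arn
order by
  external_allow_statements desc,
  b.name;
```

Because every finding is a column rather than a filter, the result can be fed straight into a dashboard or diffed between runs; add `where` conditions on the boolean columns when only the failing buckets are wanted.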

.inspect alicloud_oss_bucket

Object Storage Bucket

Name | Type | Description
account_id | text | The Alicloud Account ID in which the resource is located.
acl | text | The access control list setting for the bucket. Valid values: public-read-write, public-read, and private. public-read-write: Any user, including anonymous users, can read and write objects in the bucket. Exercise caution when you set the ACL of a bucket to public-read-write. public-read: Only the owner or authorized users of this bucket can write objects in the bucket. Other users, including anonymous users, can only read objects in the bucket. Exercise caution when you set the ACL of a bucket to public-read. private: Only the owner or authorized users of this bucket can read and write objects in the bucket. Other users, including anonymous users, cannot access the objects in the bucket without authorization.
akas | jsonb | Array of globally unique identifier strings (also known as) for the resource.
arn | text | The Alibaba Cloud Resource Name (ARN) of the OSS bucket.
creation_date | timestamp without time zone | Date when the bucket was created.
lifecycle_rules | jsonb | A list of lifecycle rules for the bucket.
location | text | Location of the bucket.
logging | jsonb | The container used to store the access logging configuration of the bucket.
name | text | Name of the bucket.
policy | jsonb | Allows you to grant permissions on OSS resources to RAM users from your Alibaba Cloud account and other Alibaba Cloud accounts. You can also control access based on the request source.
redundancy_type | text | The type of disaster recovery for the bucket. Valid values: LRS and ZRS.
region | text | The Alicloud region in which the resource is located.
server_side_encryption | jsonb | The server-side encryption configuration for the bucket.
storage_class | text | The storage class of objects in the bucket.
tags | jsonb | A map of tags for the resource.
tags_src | jsonb | A list of tags assigned to the bucket.
title | text | Title of the resource.
versioning | text | The status of versioning for the bucket. Valid values: Enabled and Suspended.