Table: ibm_cos_bucket - Query IBM Cloud Object Storage Buckets using SQL
IBM Cloud Object Storage is a highly scalable cloud storage service, designed for high durability, resiliency and security. It allows users to store, manage and access their data in a simple, cost-effective way. It is ideal for storing large amounts of data, such as images, video files, and backups.
Table Usage Guide
The ibm_cos_bucket
table provides insights into the configuration and access policies of IBM Cloud Object Storage Buckets. As a data engineer, explore bucket-specific details through this table, including bucket location, storage class, and access policies. Utilize it to monitor and manage your data storage, ensuring optimal performance and security.
Examples
Basic info
Explore which IBM COS buckets are in use, their respective regions and when they were created. This can be beneficial for understanding the distribution and timeline of your storage resources.
select name, region, creation_datefrom ibm_cos_bucket;
select name, region, creation_datefrom ibm_cos_bucket;
List unencrypted buckets
Determine the areas in which data stored in IBM Cloud Object Storage buckets are potentially at risk due to lack of encryption. This allows for a quick assessment of security vulnerabilities and aids in prioritizing necessary protective measures.
select name, region, creation_date, sse_kp_enabledfrom ibm_cos_bucketwhere not sse_kp_enabled;
select name, region, creation_date, sse_kp_enabledfrom ibm_cos_bucketwhere not sse_kp_enabled;
List buckets with versioning disabled
Explore which IBM COS buckets have versioning disabled to gain insights into potential data loss risks. This is useful in scenarios where maintaining different versions of objects in a bucket is crucial for data recovery and backup purposes.
select name, region, creation_date, versioning_enabledfrom ibm_cos_bucketwhere not versioning_enabled;
select name, region, creation_date, versioning_enabledfrom ibm_cos_bucketwhere not versioning_enabled;
Control examples
- CIS v1.0.0 > 2 Storage > 2.1 Cloud Object Storage > 2.1.1 Cloud Object Storage Encryption > 2.1.1.1 Ensure Cloud Object Storage encryption is done with customer managed keys
- CIS v1.0.0 > 2 Storage > 2.1 Cloud Object Storage > 2.1.1 Cloud Object Storage Encryption > 2.1.1.2 Ensure Cloud Object Storage Encryption is set to On with BYOK
- CIS v1.0.0 > 2 Storage > 2.1 Cloud Object Storage > 2.1.1 Cloud Object Storage Encryption > 2.1.1.3 Ensure Cloud Object Storage Encryption is set to On with KYOK
Schema for ibm_cos_bucket
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | Steampipe context in JSON form. | |
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The ID fof the account. |
acl | jsonb | The access control list (ACL) of a bucket. | |
creation_date | timestamp with time zone | The date when the bucket was created. | |
lifecycle_rules | jsonb | The lifecycle configuration information of the bucket. | |
name | text | Name of the bucket. | |
public_access_block_configuration | jsonb | The public access block configuration information of the bucket. | |
region | text | The region of the bucket. | |
retention | jsonb | The retention configuration information of the bucket. | |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | Steampipe context in JSON form. | |
sse_kp_customer_root_key_crn | text | The root key used by Key Protect to encrypt this bucket. This value must be the full CRN of the root key. | |
sse_kp_enabled | boolean | Specifies whether the Bucket has Key Protect enabled. | |
title | text | Title of the resource. | |
versioning_enabled | boolean | The versioning state of a bucket. | |
versioning_mfa_delete | boolean | The MFA Delete status of the versioning state. | |
website | jsonb | The lifecycle configuration information of the bucket. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh
script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- ibm
You can pass the configuration to the command with the --config
argument:
steampipe_export_ibm --config '<your_config>' ibm_cos_bucket