Table: oci_identity_tag_default - Query OCI Identity Tag Defaults using SQL
Oracle Cloud Infrastructure (OCI) Identity Tag Defaults is a feature within the OCI Identity service that allows you to define default tags to be applied to all resources at the time of creation within a specific compartment. These default tags help in organizing and tracking resources, improving cost tracking, security, and compliance across the OCI resources. The tag defaults are inherited by all new resources created in the compartment and can be overwritten during or after the resource creation.
Table Usage Guide
The oci_identity_tag_default table provides insights into the default tags within OCI Identity. As a cloud administrator or security analyst, explore tag-specific details through this table, including tag namespace, value, and lifecycle state. Utilize it to uncover information about default tags, such as their applicability to specific resources, their lifecycle states, and the compartments they are associated with.
Examples
Basic info
Analyze the settings to understand the necessity and lifecycle status of various elements within your OCI Identity Tag Default. This can help in assessing the importance and current stage of each element, aiding in efficient resource management.
select id, is_required, lifecycle_statefrom oci_identity_tag_default;select id, is_required, lifecycle_statefrom oci_identity_tag_default;List active tag defaults
Explore which tag defaults are currently active within your OCI identity configuration. This can help manage and organize your resources effectively.
select id, is_required, lifecycle_statefrom oci_identity_tag_defaultwhere lifecycle_state = 'ACTIVE';select id, is_required, lifecycle_statefrom oci_identity_tag_defaultwhere lifecycle_state = 'ACTIVE';List required tag defaults
Determine the required tag defaults within your OCI identity to ensure compliance and manage resources effectively. This query is particularly useful in identifying and understanding the lifecycle state of these mandatory tag defaults.
select id, is_required, lifecycle_statefrom oci_identity_tag_defaultwhere is_required;select id, is_required, lifecycle_statefrom oci_identity_tag_defaultwhere is_required = 1;Control examples
- CIS v1.1.0 > 3 Logging and Monitoring > 3.2 Ensure default tags are used on resources
- CIS v1.2.0 > 3 Logging and Monitoring > 3.2 Ensure default tags are used on resources
- CIS v2.0.0 > 3 Compute > 3.2 Ensure Secure Boot is enabled on Compute Instance
- CIS v2.0.0 > 4 Logging and Monitoring > 4.1 Ensure default tags are used on resources
Schema for oci_identity_tag_default
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form. | |
| compartment_id | text | = | The OCID of the compartment in Tenant in which the resource is located. |
| id | text | = | The OCID of the tag default. |
| is_required | boolean | If you specify that a value is required, a value is set during resource creation (either by the user creating the resource or another tag default). If no value is set, resource creation is blocked.If the `isRequired` flag is set to true, the value is set during resource creation.If the `isRequired` flag is set to false, the value you enter is set during resource creation. | |
| lifecycle_state | text | = | The tag default's current state. |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | Steampipe context in JSON form. | |
| tag_definition_id | text | The OCID of the tag definition. | |
| tag_definition_name | text | The name used in the tag definition. | |
| tag_namespace_id | text | The OCID of the tag namespace that contains the tag definition. | |
| tenant_id | text | =, !=, ~~, ~~*, !~~, !~~* | The OCID of the Tenant in which the resource is located. |
| tenant_name | text | The name of the Tenant in which the resource is located. | |
| time_created | timestamp with time zone | Date and time the tagDefault was created. | |
| title | text | Title of the resource. | |
| value | text | The default value for the tag definition. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- ociYou can pass the configuration to the command with the --config argument:
steampipe_export_oci --config '<your_config>' oci_identity_tag_default