Table: oci_objectstorage_bucket - Query OCI Object Storage Buckets using SQL
Oracle Cloud Infrastructure's Object Storage service is an internet-scale, high-performance storage platform that offers reliable and cost-efficient data durability. The Object Storage service can store an unlimited amount of unstructured data of any content type, including analytic data and rich content, like images and videos. With strong consistency, your data is reliably stored and retrieved.
Table Usage Guide
The oci_objectstorage_bucket table provides insights into Object Storage Buckets within Oracle Cloud Infrastructure's Object Storage service. As a data engineer, you can explore bucket-specific details through this table, including its current state, storage tier, and associated metadata. Utilize it to uncover information about buckets, such as their public accessibility, region, and time of creation.
Examples
Basic info
Explore which storage buckets in your cloud environment are set to read-only. This can help you determine areas where data cannot be modified, aiding in data management and security.
select name, id, namespace, storage_tier, is_read_only from oci_objectstorage_bucket;
List public buckets
Explore which storage buckets in your Oracle Cloud Infrastructure have public access. This is useful for identifying potential security risks and ensuring data privacy.
select id, name, namespace, public_access_type from oci_objectstorage_bucket where public_access_type LIKE 'Object%';
List buckets with versioning disabled
Identify the storage buckets where versioning is disabled. This is useful for assessing potential risks, as these buckets don't have the ability to recover previous versions of the data.
select id, name, namespace, versioning from oci_objectstorage_bucket where versioning = 'Disabled';
List buckets with object events disabled
Identify the buckets where object events are disabled. This is useful for identifying potential gaps in your event tracking and monitoring setup.
Postgres:
select id, name, namespace, object_events_enabled from oci_objectstorage_bucket where not object_events_enabled;
SQLite:
select id, name, namespace, object_events_enabled from oci_objectstorage_bucket where object_events_enabled = 0;
List buckets with replication disabled
Identify storage buckets where replication is not enabled. This can be useful for ensuring data redundancy and availability in your infrastructure.
Postgres:
select id, name, namespace, replication_enabled from oci_objectstorage_bucket where not replication_enabled;
SQLite:
select id, name, namespace, replication_enabled from oci_objectstorage_bucket where replication_enabled is not 1;
List buckets without lifecycle
Identify the object storage buckets that have no lifecycle policy rules. This is useful for identifying and rectifying areas where data might be accumulating indefinitely, leading to unnecessary storage costs.
Postgres:
select name, id, object_lifecycle_policy -> 'items' as object_lifecycle_policy_rules from oci_objectstorage_bucket where object_lifecycle_policy ->> 'items' is null or jsonb_array_length(object_lifecycle_policy -> 'items') = 0;
SQLite:
select name, id, json_extract(object_lifecycle_policy, '$.items') as object_lifecycle_policy_rules from oci_objectstorage_bucket where json_extract(object_lifecycle_policy, '$.items') is null or json_array_length(json_extract(object_lifecycle_policy, '$.items')) = 0;
Query examples
- identity_users_for_objectstorage_bucket
- kms_keys_for_objectstorage_bucket
- kms_vaults_for_objectstorage_bucket
- objectstorage_bucket_1_year
- objectstorage_bucket_24_hrs
- objectstorage_bucket_30_days
- objectstorage_bucket_365_days
- objectstorage_bucket_90_days
- objectstorage_bucket_access
- objectstorage_bucket_age_report
- objectstorage_bucket_archived_count
- objectstorage_bucket_by_compartment
- objectstorage_bucket_by_creation_month
- objectstorage_bucket_by_region
- objectstorage_bucket_by_tenancy
- objectstorage_bucket_count
- objectstorage_bucket_default_encryption_count
- objectstorage_bucket_encryption
- objectstorage_bucket_encryption_report
- objectstorage_bucket_input
- objectstorage_bucket_lifecycle_report
- objectstorage_bucket_object_lifecycle_policy
- objectstorage_bucket_overview
- objectstorage_bucket_public_access
- objectstorage_bucket_public_access_count
- objectstorage_bucket_public_access_report
- objectstorage_bucket_read_only
- objectstorage_bucket_read_only_access_count
- objectstorage_bucket_report_customer_managed_encryption_count
- objectstorage_bucket_tag
- objectstorage_bucket_versioning
- objectstorage_bucket_versioning_disabled_count
- objectstorage_buckets_for_kms_key
- objectstorage_objects_for_objectstorage_bucket
Control examples
- CIS v1.1.0 > 4 Object Storage > 4.1 Ensure no Object Storage buckets are publicly visible
- CIS v1.2.0 > 4 Storage > 4.1 Object Storage > 4.1.1 Ensure no Object Storage buckets are publicly visible
- CIS v1.2.0 > 4 Storage > 4.1 Object Storage > 4.1.2 Ensure Object Storage Buckets are encrypted with a Customer Managed Key
- CIS v1.2.0 > 4 Storage > 4.1 Object Storage > 4.1.3 Ensure Versioning is Enabled for Object Storage Buckets
- CIS v2.0.0 > 5 Storage > 5.1 Object Storage > 5.1.1 Ensure no Object Storage buckets are publicly visible
- CIS v2.0.0 > 5 Storage > 5.1 Object Storage > 5.1.2 Ensure Object Storage Buckets are encrypted with a Customer Managed Key
- CIS v2.0.0 > 5 Storage > 5.1 Object Storage > 5.1.3 Ensure Versioning is Enabled for Object Storage Buckets
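The three CIS checks listed above (public visibility, customer-managed key, versioning) can be evaluated together from this table's public_access_type, kms_key_id and versioning columns. The query below is an added example, not one of the controls themselves; it assumes that an empty kms_key_id means no customer-managed key is attached and that any versioning value other than 'Enabled' fails the check, and the 'alarm'/'ok' labels are chosen here for readability.

```sql
-- Added example: one row per bucket that fails at least one of the three checks.
-- Uses only constructs that work on both Postgres and SQLite.
with checks as (
  select
    name,
    namespace,
    region,
    compartment_id,
    -- Same 'Object%' pattern as the "List public buckets" query on this page.
    case when public_access_type like 'Object%' then 1 else 0 end as is_public,
    -- Assumption: a null or empty kms_key_id means no customer-managed key.
    case when coalesce(kms_key_id, '') = '' then 1 else 0 end as no_cmk,
    -- Assumption: any value other than 'Enabled' fails the versioning check.
    case when coalesce(versioning, '') <> 'Enabled' then 1 else 0 end as no_versioning
  from
    oci_objectstorage_bucket
)
select
  name,
  namespace,
  region,
  compartment_id,
  case when is_public = 1 then 'alarm' else 'ok' end as public_visibility,
  case when no_cmk = 1 then 'alarm' else 'ok' end as customer_managed_key,
  case when no_versioning = 1 then 'alarm' else 'ok' end as versioning_enabled,
  is_public + no_cmk + no_versioning as failed_checks
from
  checks
where
  is_public + no_cmk + no_versioning > 0
order by
  is_public desc,       -- publicly visible buckets first
  failed_checks desc,
  name;
```

An empty result means every bucket in the queried connections passes all three checks.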
Schema for oci_objectstorage_bucket
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
approximate_count | bigint | | The approximate number of objects in the bucket. |
approximate_size | bigint | | The approximate total size in bytes of all objects in the bucket. |
compartment_id | text | = | The OCID of the compartment in Tenant in which the resource is located. |
created_by | text | | The OCID of the user who created the bucket. |
defined_tags | jsonb | | Defined tags for resource. Defined tags are set up in your tenancy by an administrator. Only users granted permission to work with the defined tags can apply them to resources. |
etag | text | | The entity tag (ETag) for the bucket. |
freeform_tags | jsonb | | Free-form tags for resource. These tags can be applied by any user with permissions on the resource. |
id | text | | The OCID of the bucket. |
is_read_only | boolean | | Whether or not this bucket is read only. |
kms_key_id | text | | The OCID of a master encryption key used to call the Key Management service to generate a data encryption key or to encrypt or decrypt a data encryption key. |
metadata | jsonb | | Arbitrary string keys and values for user-defined metadata. |
name | text | | The name of the bucket. |
namespace | text | = | The Object Storage namespace in which the bucket lives. |
object_events_enabled | boolean | | Whether or not events are emitted for object state changes in this bucket. |
object_lifecycle_policy | jsonb | | Specifies the object lifecycle policy for the bucket. |
object_lifecycle_policy_etag | text | | The entity tag (ETag) for the live object lifecycle policy on the bucket. |
public_access_type | text | | The type of public access enabled on this bucket. |
region | text | | The OCI region in which the resource is located. |
replication_enabled | boolean | | Whether or not this bucket is a replication source. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
storage_tier | text | | The storage tier type assigned to the bucket. |
tags | jsonb | | A map of tags for the resource. |
tenant_id | text | =, !=, ~~, ~~*, !~~, !~~* | The OCID of the Tenant in which the resource is located. |
tenant_name | text | | The name of the Tenant in which the resource is located. |
time_created | timestamp with time zone | | The date and time the bucket was created. |
title | text | | Title of the resource. |
versioning | text | | The versioning status on the bucket. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- oci
You can pass the configuration to the command with the --config argument:
steampipe_export_oci --config '<your_config>' oci_objectstorage_bucket