Query: Elasticsearch domain should send logs to CloudWatch
Description
Check whether Amazon OpenSearch Service (OpenSearch Service) domains are configured to send logs to Amazon CloudWatch Logs. The rule is compliant if a log is enabled for an OpenSearch Service domain. The rule is non-compliant if logging is not configured.
Query
Tables used in this query:
Controls using this query:
SQL
-- One containment test per log type named in the reason text:
-- search slow logs, index slow logs and error (application) logs.
select
  address as resource,
  case
    when
      (attributes_std -> 'log_publishing_options') @> '[{"log_type": "SEARCH_SLOW_LOGS"}]'
      and (attributes_std -> 'log_publishing_options') @> '[{"log_type": "INDEX_SLOW_LOGS"}]'
      and (attributes_std -> 'log_publishing_options') @> '[{"log_type": "ES_APPLICATION_LOGS"}]' then 'ok'
    else 'alarm'
  end status,
  split_part(address, '.', 2) || case
    when
      (attributes_std -> 'log_publishing_options') @> '[{"log_type": "SEARCH_SLOW_LOGS"}]'
      and (attributes_std -> 'log_publishing_options') @> '[{"log_type": "INDEX_SLOW_LOGS"}]'
      and (attributes_std -> 'log_publishing_options') @> '[{"log_type": "ES_APPLICATION_LOGS"}]' then ' logging enabled for search, index and error'
    else ' logging not enabled for all search, index and error'
  end || '.' reason,
  path || ':' || start_line
from
  terraform_resource
where
  type = 'aws_elasticsearch_domain';
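An added example, not part of the mod's own code: a Python re-implementation of this check, run over constructed `log_publishing_options` values, to show which Terraform configurations pass for the search, index and error logs named in the reason text. It assumes the attribute is parsed as a list of blocks (or a single object) with a boolean `enabled`, and it goes beyond the SQL by treating a block with `enabled = false` as not publishing.

```python
# Added example: offline version of the check; all sample data is constructed.
REQUIRED_LOG_TYPES = ("SEARCH_SLOW_LOGS", "INDEX_SLOW_LOGS", "ES_APPLICATION_LOGS")


def published_log_types(attributes):
    """Return the log types that are declared and not switched off."""
    options = attributes.get("log_publishing_options") or []
    if isinstance(options, dict):  # assumption: a lone block may parse as one object
        options = [options]
    active = set()
    for opt in options:
        # Terraform treats `enabled` as true when the argument is omitted.
        if opt.get("enabled", True) is False:
            continue
        if opt.get("log_type"):
            active.add(opt["log_type"])
    return active


def evaluate(address, attributes):
    """Mirror the query's columns: resource, status, reason."""
    active = published_log_types(attributes)
    missing = [t for t in REQUIRED_LOG_TYPES if t not in active]
    name = address.split(".")[1]  # same as split_part(address, '.', 2)
    if missing:
        reason = f"{name} logging not enabled for: {', '.join(missing)}."
        return {"resource": address, "status": "alarm", "reason": reason}
    reason = f"{name} logging enabled for search, index and error."
    return {"resource": address, "status": "ok", "reason": reason}


def block(log_type, **extra):
    """Build one constructed log_publishing_options block."""
    return {"log_type": log_type, "cloudwatch_log_group_arn": "<log-group-arn>", **extra}


# Constructed Terraform resources (hypothetical names), keyed by address.
SAMPLES = {
    "aws_elasticsearch_domain.full": {
        "log_publishing_options": [block(t) for t in REQUIRED_LOG_TYPES]},
    "aws_elasticsearch_domain.app_only": {
        "log_publishing_options": block("ES_APPLICATION_LOGS")},
    "aws_elasticsearch_domain.index_off": {
        "log_publishing_options": [block("SEARCH_SLOW_LOGS"), block("ES_APPLICATION_LOGS"),
                                   block("INDEX_SLOW_LOGS", enabled=False)]},
    "aws_elasticsearch_domain.none": {},
}

if __name__ == "__main__":
    for addr, attrs in SAMPLES.items():
        print(evaluate(addr, attrs))
```

The `index_off` sample is the case a pure containment test on `log_type` cannot distinguish: the block is present in the configuration, but the domain would not publish index slow logs.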