Table: gcp_storage_buckets

This table shows data for GCP Storage Buckets.

https://pkg.go.dev/cloud.google.com/go/storage#BucketAttrs

The primary key for this table is name.

Relations

The following tables depend on gcp_storage_buckets:

Columns

| Name | Type |
| --- | --- |
| _cq_id | uuid |
| _cq_parent_id | uuid |
| project_id | utf8 |
| name (PK) | utf8 |
| acl | json |
| bucket_policy_only | json |
| uniform_bucket_level_access | json |
| public_access_prevention | int64 |
| default_object_acl | json |
| default_event_based_hold | bool |
| predefined_acl | utf8 |
| predefined_default_object_acl | utf8 |
| location | utf8 |
| custom_placement_config | json |
| meta_generation | int64 |
| storage_class | utf8 |
| created | timestamp[us, tz=UTC] |
| versioning_enabled | bool |
| labels | json |
| requester_pays | bool |
| lifecycle | json |
| retention_policy | json |
| cors | json |
| encryption | json |
| logging | json |
| website | json |
| etag | utf8 |
| location_type | utf8 |
| project_number | int64 |
| rpo | int64 |
| autoclass | json |

Example Queries

These SQL queries are sampled from CloudQuery policies and are compatible with PostgreSQL.

Ensure that retention policies on log buckets are configured using Bucket Lock (Automated)

SELECT
  DISTINCT
  gsb.name AS resource_id,
  'Ensure that retention policies on log buckets are configured using Bucket Lock (Automated)'
    AS title,
  gls.project_id AS project_id,
  CASE
  WHEN gls.destination LIKE 'storage.googleapis.com/%'
  AND (
      (gsb.retention_policy->>'IsLocked')::BOOL = false
      OR (gsb.retention_policy->>'RetentionPeriod')::INT8 = 0
    )
  THEN 'fail'
  ELSE 'pass'
  END
    AS status
FROM
  gcp_logging_sinks AS gls
  JOIN gcp_storage_buckets AS gsb ON
      gsb.name = replace(gls.destination, 'storage.googleapis.com/', '');

Ensure that Cloud Storage buckets have uniform bucket-level access enabled (Automated)

SELECT
  name AS resource_id,
  'Ensure that Cloud Storage buckets have uniform bucket-level access enabled (Automated)'
    AS title,
  project_id AS project_id,
  CASE
  WHEN (uniform_bucket_level_access->>'Enabled')::BOOL = false THEN 'fail'
  ELSE 'pass'
  END
    AS status
FROM
  gcp_storage_buckets;