OCI Object Storage bucket does not emit object events
Description
This policy identifies the OCI Object Storage buckets that are disabled with object events emission. Monitoring and alerting on object events of bucket objects will help in identifying changes bucket objects. It is recommended that buckets should be enabled to emit object events.
Code Example
go
resource "oci_objectstorage_bucket" "pass" {
...
object_events_enabled = true
...
}Remediation
- OCI Console*
. Login to the OCI Console
. Type the resource reported in the alert into the Search box at the top of the Console.
. Click the resource reported in the alert from the Resources submenu
. Next to Emit Object Events, click Edit.
. In the dialog box, select EMIT OBJECT EVENTS (to enable).
. Click Save Changes. === Fix - Buildtime
Terraform
- Resource: oci_objectstorage_bucket
- Arguments: agent_config.is_monitoring_disabled
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1234 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_OCI_7 |