turbot/steampipe-mod-azure-compliance

Control: App Service apps should use a virtual network service endpoint

Description

Use virtual network service endpoints to restrict access to your app to selected subnets of an Azure virtual network. To learn more about App Service service endpoints, visit https://aks.ms/appservice-vnet-service-endpoint.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.appservice_web_app_use_virtual_service_endpoint

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.appservice_web_app_use_virtual_service_endpoint --share

SQL

This control uses a named query:

select
  a.id as resource,
  case
    when vnet_connection -> 'properties' -> 'vnetResourceId' is not null then 'ok'
    else 'alarm'
  end as status,
  case
    when vnet_connection -> 'properties' -> 'vnetResourceId' is not null then a.name || ' configured with virtual network service endpoint.'
    else a.name || ' not configured with virtual network service endpoint.'
  end as reason
  , a.resource_group as resource_group
  , sub.display_name as subscription
from
  azure_app_service_web_app as a,
  azure_subscription as sub
where
  sub.subscription_id = a.subscription_id;
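
For remediation triage, the same condition can be rolled up per subscription and resource group so the groups with the most apps in alarm come first. This is an added example, not a query shipped with the mod; it uses only the tables and columns that appear in the control's query above and assumes vnet_connection is a column of azure_app_service_web_app.

```sql
-- Added example, not part of the mod: summarise the control's result
-- per subscription and resource group to prioritise remediation.
with evaluated as (
  select
    a.name,
    a.resource_group,
    sub.display_name as subscription,
    -- Same test the control applies to decide 'ok' versus 'alarm'.
    (a.vnet_connection -> 'properties' -> 'vnetResourceId') is not null as compliant
  from
    azure_app_service_web_app as a
    join azure_subscription as sub on sub.subscription_id = a.subscription_id
)
select
  subscription,
  resource_group,
  count(*) as total_apps,
  count(*) filter (where not compliant) as apps_in_alarm,
  -- Names of the apps that the control would report as 'alarm'.
  string_agg(name, ', ' order by name) filter (where not compliant) as alarm_apps
from
  evaluated
group by
  subscription,
  resource_group
having
  -- Keep only groups that contain at least one app in alarm.
  count(*) filter (where not compliant) > 0
order by
  apps_in_alarm desc,
  subscription,
  resource_group;
```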

Tags