turbot/steampipe-mod-azure-compliance

Control: Container registries should be geo-replicated

Description

Ensure that container registries are geo-replicated to align with multi-region container deployments.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.container_registry_geo_replication_enabled

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.container_registry_geo_replication_enabled --share

SQL

This control uses a named query:

with geo_replication_count as (
  select
    name as name,
    subscription_id,
    (v ->> 'currentValue')::int as geo_replication_count
  from
    azure_container_registry,
    jsonb_array_elements(usages -> 'value') as v
  where
    v ->> 'name' = 'Geo-replications'
    and v ->> 'unit' = 'Count'
)
select
  distinct a.name as resource,
  case
    when sku_name <> 'Premium' then 'skip'
    when c.geo_replication_count > 1 then 'ok'
    else 'alarm'
  end as status,
  case
    when sku_name <> 'Premium' then a.name || ' is of ' || sku_tier || ' tier.'
    when c.geo_replication_count > 1 then a.name || ' ' || c.geo_replication_count || ' geo replication configured.'
    else a.name || ' geo replication not configured.'
  end as reason
  , a.resource_group as resource_group
  , sub.display_name as subscription
from
  azure_container_registry as a
  left join geo_replication_count as c on a.name = c.name and a.subscription_id = c.subscription_id,
  azure_subscription as sub
where
  sub.subscription_id = a.subscription_id;
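
The control's decision logic run over constructed rows in PostgreSQL, as an added example that is not part of the mod's own code. The `registry` CTE, its sample names and the subscription id are assumptions standing in for `azure_container_registry`. It covers each branch of the `case` expression, including a Premium registry with no `Geo-replications` usage entry and one whose count is exactly 1.

```sql
-- Constructed sample rows (not real data) shaped like the columns the control reads.
with registry(name, subscription_id, sku_name, sku_tier, usages) as (
  values
    -- Premium, two geo-replications reported
    ('regpremiumgeo', 'sub-0001', 'Premium', 'Premium',
     '{"value":[{"name":"Geo-replications","unit":"Count","currentValue":2}]}'::jsonb),
    -- Premium, count of exactly 1: fails the "> 1" test
    ('regpremiumone', 'sub-0001', 'Premium', 'Premium',
     '{"value":[{"name":"Geo-replications","unit":"Count","currentValue":1}]}'::jsonb),
    -- Premium, no Geo-replications entry: the left join yields NULL
    ('regpremiumnil', 'sub-0001', 'Premium', 'Premium',
     '{"value":[{"name":"Webhooks","unit":"Count","currentValue":0}]}'::jsonb),
    -- Non-Premium tier: skipped before the count is consulted
    ('regstandard', 'sub-0001', 'Standard', 'Standard',
     '{"value":[{"name":"Webhooks","unit":"Count","currentValue":0}]}'::jsonb)
),
geo_replication_count as (
  -- Same extraction as the control: one row per matching usage entry.
  select
    r.name,
    r.subscription_id,
    (v ->> 'currentValue')::int as geo_replication_count
  from
    registry as r,
    jsonb_array_elements(r.usages -> 'value') as v
  where
    v ->> 'name' = 'Geo-replications'
    and v ->> 'unit' = 'Count'
)
select
  a.name as resource,
  a.sku_tier,
  c.geo_replication_count,
  case
    when a.sku_name <> 'Premium' then 'skip'
    when c.geo_replication_count > 1 then 'ok'
    else 'alarm'  -- NULL > 1 is not true, so a missing entry lands here too
  end as status
from
  registry as a
  left join geo_replication_count as c
    on a.name = c.name and a.subscription_id = c.subscription_id
order by
  a.name;
```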

Tags