Control: Subscriptions with custom roles should not be overly permissive
Description
This policy identifies azure subscriptions with custom roles are overly permissive. Least privilege access rule should be followed and only necessary privileges should be assigned instead of allowing full administrative access.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.iam_subscriptions_with_custom_roles_no_overly_permissiveSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.iam_subscriptions_with_custom_roles_no_overly_permissive --shareSQL
This control uses a named query:
iam_subscriptions_with_custom_roles_no_overly_permissive