Control: Enable Role Based Access Control for Azure Key Vault
Description
Role assignments disappear when a Key Vault has been deleted (soft-delete) and recovered. After recovery, all role assignments must be recreated. This is a limitation of the soft-delete feature across all Azure services.
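Because assignments are lost on recovery, it helps to snapshot them before a delete and diff afterwards. The following is an added example, not part of this control or the mod: it compares two snapshots and renders the `az role assignment create` calls for what is missing. The vault ID, principals and snapshot contents are constructed, and the snapshots are assumed to be JSON as returned by `az role assignment list`.

```python
import json
import shlex

# Constructed sample data (placeholder IDs), shaped like `az role assignment list -o json`.
RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example"
VAULT = RG + "/providers/Microsoft.KeyVault/vaults/kv-example"
USER, APP, GROUP = ("11111111-1111-1111-1111-111111111111",
                    "22222222-2222-2222-2222-222222222222",
                    "33333333-3333-3333-3333-333333333333")

def row(pid, ptype, role, scope):
    return {"principalId": pid, "principalType": ptype,
            "roleDefinitionName": role, "scope": scope}

BEFORE_DELETE = json.dumps([
    row(USER, "User", "Key Vault Secrets User", VAULT),
    row(APP, "ServicePrincipal", "Key Vault Crypto Officer", VAULT),
    row(APP, "ServicePrincipal", "Key Vault Secrets User", VAULT + "/secrets/db-password"),
    row(GROUP, "Group", "Reader", RG),  # resource-group scope, outside the vault
])
AFTER_RECOVER = json.dumps([
    row(USER, "User", "Key Vault Secrets User", VAULT.lower()),  # already recreated
    row(GROUP, "Group", "Reader", RG),
])

def vault_scoped(snapshot_json, vault_id):
    """Index assignments at or below the vault; resource IDs compare case-insensitively."""
    vault, found = vault_id.lower(), {}
    for a in json.loads(snapshot_json):
        scope = a["scope"].lower()
        if scope == vault or scope.startswith(vault + "/"):
            found[(a["principalId"].lower(), a["roleDefinitionName"], scope)] = a
    return found

def missing_after_recovery(before_json, after_json, vault_id):
    """Assignments present before deletion that are absent after recovery."""
    before = vault_scoped(before_json, vault_id)
    after = vault_scoped(after_json, vault_id)
    return [before[k] for k in sorted(before.keys() - after.keys())]

def recreate_commands(missing):
    """Render one `az role assignment create` call per missing assignment."""
    return [" ".join(["az role assignment create",
                      "--assignee-object-id", shlex.quote(a["principalId"]),
                      "--assignee-principal-type", shlex.quote(a["principalType"]),
                      "--role", shlex.quote(a["roleDefinitionName"]),
                      "--scope", shlex.quote(a["scope"])]) for a in missing]

if __name__ == "__main__":
    for cmd in recreate_commands(missing_after_recovery(BEFORE_DELETE, AFTER_RECOVER, VAULT)):
        print(cmd)
```

Review the rendered commands before running them, so that recovery does not silently restore access that should have been retired.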
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.keyvault_rbac_enabled
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run azure_compliance.control.keyvault_rbac_enabled --share
SQL
This control uses a named query:
select
  kv.id as resource,
  case
    when enable_rbac_authorization then 'ok'
    else 'alarm'
  end as status,
  case
    when enable_rbac_authorization then name || ' has RBAC enabled.'
    else name || ' have RBAC disabled.'
  end as reason,
  kv.resource_group as resource_group,
  sub.display_name as subscription
from
  azure_key_vault as kv,
  azure_subscription as sub
where
  sub.subscription_id = kv.subscription_id;