Control: Private endpoint should be enabled for MariaDB servers
Description
Private endpoint connections enforce secure communication by enabling private connectivity to Azure Database for MariaDB. Configure a private endpoint connection to allow traffic only from known networks and to block access from all other IP addresses, including those within Azure.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.mariadb_server_private_link_used
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run azure_compliance.control.mariadb_server_private_link_used --share
SQL
This control uses a named query:
select
  a.id as resource,
  case
    -- Only applicable to standard tier
    when sku_tier = 'Basic' then 'skip'
    when private_endpoint_connections @> '[{"privateLinkServiceConnectionStateStatus": "Approved"}]'::jsonb then 'ok'
    else 'alarm'
  end as status,
  case
    when sku_tier = 'Basic' then a.name || ' is of ' || sku_tier || ' tier.'
    when private_endpoint_connections @> '[{"privateLinkServiceConnectionStateStatus": "Approved"}]'::jsonb then a.name || ' using private link.'
    else a.name || ' not using private link.'
  end as reason,
  a.resource_group as resource_group,
  sub.display_name as subscription
from
  azure_mariadb_server a,
  azure_subscription sub
where
  sub.subscription_id = a.subscription_id;
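To see how the status expression above classifies different servers, the following added example (not part of the control or the mod) runs the same `case` logic in PostgreSQL over constructed rows. The `sample_servers` CTE, the server names and the `id` values are assumptions made up for illustration; only `sku_tier`, `private_endpoint_connections` and `privateLinkServiceConnectionStateStatus` come from the query on this page.

```sql
-- Constructed sample rows standing in for azure_mariadb_server (not real resources).
with sample_servers (name, sku_tier, private_endpoint_connections) as (
  values
    -- Basic tier: skipped before the endpoint check is evaluated.
    ('db-basic',    'Basic',           '[]'::jsonb),
    -- One approved connection; extra keys do not affect jsonb containment.
    ('db-approved', 'GeneralPurpose',
       '[{"id": "constructed-1", "privateLinkServiceConnectionStateStatus": "Approved"}]'::jsonb),
    -- Mixed states: @> matches if ANY array element contains the Approved object.
    ('db-mixed',    'GeneralPurpose',
       '[{"id": "constructed-2", "privateLinkServiceConnectionStateStatus": "Rejected"},
         {"id": "constructed-3", "privateLinkServiceConnectionStateStatus": "Approved"}]'::jsonb),
    -- A connection exists but is not approved yet.
    ('db-pending',  'MemoryOptimized',
       '[{"id": "constructed-4", "privateLinkServiceConnectionStateStatus": "Pending"}]'::jsonb),
    -- No connections at all.
    ('db-empty',    'GeneralPurpose',  '[]'::jsonb),
    -- NULL column: NULL @> ... evaluates to NULL, so the row falls through to else.
    ('db-null',     'GeneralPurpose',  null::jsonb)
)
select
  name,
  sku_tier,
  case
    when sku_tier = 'Basic' then 'skip'
    when private_endpoint_connections
           @> '[{"privateLinkServiceConnectionStateStatus": "Approved"}]'::jsonb then 'ok'
    else 'alarm'
  end as status
from
  sample_servers
order by
  name;
```

Because containment is satisfied by any single approved element, a server with an approved private endpoint passes this control regardless of other connection entries; the check does not evaluate whether public network access is also disabled.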