turbot/steampipe-mod-azure-compliance

Control: Private endpoint should be enabled for MariaDB servers

Description

Private endpoint connections enforce secure communication by enabling private connectivity to Azure Database for MariaDB. Configure a private endpoint connection to enable access to traffic coming only from known networks and prevent access from all other IP addresses, including within Azure.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.mariadb_server_private_link_used

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.mariadb_server_private_link_used --share

SQL

This control uses a named query:

select
a.id as resource,
case
-- Only applicable to standard tier
when sku_tier = 'Basic' then 'skip'
when private_endpoint_connections @> '[{"privateLinkServiceConnectionStateStatus": "Approved"}]'::jsonb then 'ok'
else 'alarm'
end as status,
case
when sku_tier = 'Basic' then a.name || ' is of ' || sku_tier || ' tier.'
when private_endpoint_connections @> '[{"privateLinkServiceConnectionStateStatus": "Approved"}]'::jsonb then a.name || ' using private link.'
else a.name || ' not using private link.'
end as reason
, a.resource_group as resource_group
, sub.display_name as subscription
from
azure_mariadb_server a,
azure_subscription sub
where
sub.subscription_id = a.subscription_id;

Tags