Control: Ensure 'Allow public access from any Azure service within Azure to this server' for PostgreSQL flexible server is disabled
Description
Disable access from Azure services to PostgreSQL flexible server.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.postgres_flexible_server_allow_access_to_azure_services_disabledSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.postgres_flexible_server_allow_access_to_azure_services_disabled --shareSQL
This control uses a named query:
with postgres_flexible_server_with_allow_access_to_azure_services as ( select id from azure_postgresql_flexible_server, jsonb_array_elements(firewall_rules) as r where r -> 'properties' ->> 'endIpAddress' = '0.0.0.0' or r -> 'properties' ->> 'startIpAddress' = '0.0.0.0')select s.id as resource, case when a.id is not null then 'alarm' else 'ok' end as status, case when a.id is not null then s.title || ' does not restrict access to azure services.' else s.title || ' restricts access to azure services.' end as reason , s.resource_group as resource_group , sub.display_name as subscriptionfrom azure_postgresql_flexible_server as s left join postgres_flexible_server_with_allow_access_to_azure_services as a on a.id = s.id, azure_subscription as subwhere sub.subscription_id = s.subscription_id;