turbot/azure_compliance

Query: keyvault_vault_public_network_access_disabled

Usage

powerpipe query azure_compliance.query.keyvault_vault_public_network_access_disabled

SQL

select
a.id as resource,
case
-- In case'defaultAction' = 'Allow', All Network including internet is allowed
-- Default All network will have not network_acls associated
when network_acls is null or network_acls ->> 'defaultAction' != 'Deny' then 'alarm'
else 'ok'
end as status,
case
when network_acls is null or network_acls ->> 'defaultAction' != 'Deny' then a.name || ' public network access enabled.'
else a.name || ' public network access disabled.'
end as reason
, a.resource_group as resource_group
, sub.display_name as subscription
from
azure_key_vault a,
azure_subscription sub;

Controls

The query is being used by the following controls: