Control: API Management services should use a virtual network
Description
Azure Virtual Network deployment provides enhanced security, isolation and allows you to place your API Management service in a non-internet routable network that you control access to. These networks can then be connected to your on-premises networks using various VPN technologies, which enables access to your backend services within the network and/or on-premises. The developer portal and API gateway, can be configured to be accessible either from the Internet or only within the virtual network.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.apimanagement_service_with_virtual_networkSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.apimanagement_service_with_virtual_network --shareSQL
This control uses a named query:
select a.id as resource, case when virtual_network_type != 'None' then 'ok' else 'alarm' end as status, a.name || ' Virtual network is set to ' || virtual_network_type as reason , a.resource_group as resource_group , sub.display_name as subscriptionfrom azure_api_management a, azure_subscription sub;