Control: Virtual Machine scale sets boot diagnostics should be enabled
Description
This policy identifies Azure Virtual Machine scale sets that have the Boot Diagnostics setting disabled. When enabled for a virtual machine, Boot Diagnostics captures a screenshot and console output during virtual machine startup. This helps in troubleshooting a virtual machine that enters a non-bootable state.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.compute_vm_scale_set_boot_diagnostics_enabled
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run azure_compliance.control.compute_vm_scale_set_boot_diagnostics_enabled --share
SQL
This control uses a named query:
select
  a.id as resource,
  case
    when (virtual_machine_diagnostics_profile -> 'bootDiagnostics' ->> 'enabled') :: boolean then 'ok'
    else 'alarm'
  end as status,
  case
    when (virtual_machine_diagnostics_profile -> 'bootDiagnostics' ->> 'enabled') :: boolean then a.title || ' boot diagnostics enabled.'
    else a.title || ' boot diagnostics disabled.'
  end as reason,
  a.resource_group as resource_group,
  sub.display_name as subscription
from
  azure_compute_virtual_machine_scale_set as a,
  azure_subscription as sub
where
  sub.subscription_id = a.subscription_id;
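The query's CASE expression sends every scale set whose setting is not true to the 'alarm' branch, including ones that have no bootDiagnostics entry at all. The following is an added example, not part of the Powerpipe mod: it runs the same expression in PostgreSQL over constructed profiles (the `sample` rows and the `boot_diag_state` column are assumptions for illustration) and separates an explicit disable from a missing setting.

```sql
-- Constructed sample rows standing in for azure_compute_virtual_machine_scale_set.
-- Only the jsonb column name is taken from the control's query.
with sample (title, virtual_machine_diagnostics_profile) as (
  values
    ('vmss-enabled',      '{"bootDiagnostics": {"enabled": true}}'::jsonb),
    ('vmss-disabled',     '{"bootDiagnostics": {"enabled": false}}'::jsonb),
    ('vmss-no-boot-key',  '{}'::jsonb),
    ('vmss-null-profile', null::jsonb)
),
evaluated as (
  select
    title,
    -- ->> yields text, or NULL when the key or the whole profile is missing;
    -- casting NULL to boolean stays NULL.
    (virtual_machine_diagnostics_profile -> 'bootDiagnostics' ->> 'enabled')::boolean as enabled
  from
    sample
)
select
  title,
  -- Same test as the control: a NULL condition is not true, so CASE takes ELSE.
  case
    when enabled then 'ok'
    else 'alarm'
  end as status,
  -- Hypothetical extra column: tells "explicitly off" apart from "never configured",
  -- which the control's reason text reports identically as "disabled".
  case
    when enabled is null then 'not configured'
    when enabled then 'enabled'
    else 'explicitly disabled'
  end as boot_diag_state
from
  evaluated
order by
  title;
```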