Control: Container instance container groups should use secured environment variable
Description
Ensure that container instance container group uses secured environment variables. This control is non-compliant if container instance container group does not uses secured environment variables.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.container_instance_container_group_secured_environment_variableSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.container_instance_container_group_secured_environment_variable --shareSQL
This control uses a named query:
with not_secured_environment_variable_container_group as ( select id from azure_container_group, jsonb_array_elements(containers) as c, jsonb_array_elements(c -> 'properties' -> 'environmentVariables') as v where v ->'value' is not null)select cg.id as resource, case when g.id is not null then 'alarm' else 'ok' end as status, case when g.id is not null then cg.name || ' have unsecured environment variable.' else cg.name || ' have secured environment variable.' end as reason , cg.resource_group as resource_group , sub.display_name as subscriptionfrom azure_container_group as cg left join not_secured_environment_variable_container_group as g on g.id = cg.id left join azure_subscription as sub on sub.subscription_id = cg.subscription_id;