turbot/steampipe-mod-azure-compliance

Control: Private endpoint should be enabled for MySQL servers

Description

Private endpoint connections enforce secure communication by enabling private connectivity to Azure Database for MySQL. Configure a private endpoint connection to enable access to traffic coming only from known networks and prevent access from all other IP addresses, including within Azure.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.mysql_server_private_link_used

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.mysql_server_private_link_used --share

SQL

This control uses a named query:

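select
  a.id as resource,
  -- Status: Basic tier is skipped; otherwise at least one Approved private endpoint connection is required.
  case
    when sku_tier = 'Basic' then 'skip'
    when private_endpoint_connections @> '[{"privateLinkServiceConnectionStateStatus": "Approved"}]'::jsonb then 'ok'
    else 'alarm'
  end as status,
  -- Reason: human-readable text matching the status branch above.
  case
    when sku_tier = 'Basic' then a.name || ' is of ' || sku_tier || ' tier.'
    when private_endpoint_connections @> '[{"privateLinkServiceConnectionStateStatus": "Approved"}]'::jsonb then a.name || ' using private link.'
    else a.name || ' not using private link.'
  end as reason,
  a.resource_group as resource_group,
  sub.display_name as subscription
from
  azure_mysql_server a,
  azure_subscription sub
where
  -- Pair each server with its own subscription; without this the comma join returns one row per server per subscription.
  sub.subscription_id = a.subscription_id;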
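
The status logic above, run against constructed rows in plain PostgreSQL, shows how the jsonb containment test treats each connection state. This is an added example, not part of the mod; the `sample_servers` CTE, the server names and the `exampleExtraField` key are made up for illustration.

```sql
-- Constructed sample rows (not real servers) standing in for azure_mysql_server.
with sample_servers (name, sku_tier, private_endpoint_connections) as (
  values
    -- Basic tier: skipped before the connections are ever inspected.
    ('mysql-basic',    'Basic',           '[]'::jsonb),
    -- One approved connection; extra keys do not affect containment.
    ('mysql-approved', 'GeneralPurpose',  '[{"privateLinkServiceConnectionStateStatus": "Approved", "exampleExtraField": "x"}]'::jsonb),
    -- One rejected and one approved connection: a single approved element is enough.
    ('mysql-mixed',    'GeneralPurpose',  '[{"privateLinkServiceConnectionStateStatus": "Rejected"}, {"privateLinkServiceConnectionStateStatus": "Approved"}]'::jsonb),
    -- A connection that was requested but never approved.
    ('mysql-pending',  'MemoryOptimized', '[{"privateLinkServiceConnectionStateStatus": "Pending"}]'::jsonb),
    -- No connections at all.
    ('mysql-empty',    'GeneralPurpose',  '[]'::jsonb),
    -- Column is null: the @> test yields null, so the case falls through to else.
    ('mysql-null',     'GeneralPurpose',  null::jsonb)
)
select
  name,
  sku_tier,
  case
    when sku_tier = 'Basic' then 'skip'
    when private_endpoint_connections @> '[{"privateLinkServiceConnectionStateStatus": "Approved"}]'::jsonb then 'ok'
    else 'alarm'
  end as status
from
  sample_servers
order by
  name;
```

Only `mysql-approved` and `mysql-mixed` evaluate to `ok`; the pending, empty and null rows all evaluate to `alarm`, and `mysql-basic` to `skip`. A server whose only private endpoint connection is still pending or was rejected is therefore reported the same way as a server with none.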

Tags