Control: Subnets should be associated with a Network Security Group
Description
This policy denies if a gateway subnet is configured with a network security group. Assigning a network security group to a gateway subnet will cause the gateway to stop functioning.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.network_security_group_subnet_associated
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run azure_compliance.control.network_security_group_subnet_associated --share
SQL
This control uses a named query:
select
  sg.id resource,
  case
    when subnets is null then 'alarm'
    else 'ok'
  end as status,
  case
    when subnets is null then name || ' not associated with subnet.'
    else name || ' associated with ' || split_part(rtrim((subnet -> 'id') :: text, '"'), '/subnets/', 2) || '.'
  end as reason,
  sg.resource_group as resource_group,
  sub.display_name as subscription
from
  azure_network_security_group as sg
  join azure_subscription as sub on sub.subscription_id = sg.subscription_id
  left join jsonb_array_elements(subnets) as subnet on true;