Control: Public network access should be disabled for PostgreSQL servers
Description
Disable the public network access property to improve security and ensure your Azure Database for PostgreSQL can only be accessed from a private endpoint. This configuration disables access from any public address space outside of Azure IP range, and denies all logins that match IP or virtual network-based firewall rules.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.postgresql_server_public_network_access_disabledSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.postgresql_server_public_network_access_disabled --shareSQL
This control uses a named query:
select s.id as resource, case when public_network_access = 'Enabled' then 'alarm' else 'ok' end as status, case when public_network_access = 'Enabled' then name || ' public network access enabled.' else name || ' public network access disabled.' end as reason , s.resource_group as resource_group , sub.display_name as subscriptionfrom azure_postgresql_server as s, azure_subscription as subwhere sub.subscription_id = s.subscription_id;