Control: Azure Cache for Redis should use private link
Description
Private endpoints lets you connect your virtual network to Azure services without a public IP address at the source or destination. By mapping private endpoints to your Azure Cache for Redis instances, data leakage risks are reduced.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.redis_cache_uses_private_linkSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.redis_cache_uses_private_link --shareSQL
This control uses a named query:
with redis_private_connection as ( select distinct a.id from azure_redis_cache as a, jsonb_array_elements(private_endpoint_connections) as connection where connection -> 'properties' -> 'privateLinkServiceConnectionState' ->> 'status' = 'Approved')select a.id as resource, case when c.id is null then 'alarm' else 'ok' end as status, case when c.id is null then a.name || ' not uses private link.' else a.name || ' uses private link.' end as reason , a.resource_group as resource_group , sub.display_name as subscriptionfrom azure_redis_cache as a left join redis_private_connection as c on c.id = a.id, azure_subscription as subwhere sub.subscription_id = a.subscription_id;