Azure and GCP Perimeter Security, CIS Updates, and Enhanced Plugins →
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-azure-compliance
Overview
16Dashboards
1651Benchmarks
486Queries
8Variables
GitHub

Control: Cognitive Search services should use managed identity

Description

Cognitive Search services should use a managed identity for enhanced authentication security.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.search_service_uses_managed_identity

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.search_service_uses_managed_identity --share

SQL

This control uses a named query:

select
  s.id as resource,
  case
    when identity ->> 'type' = 'SystemAssigned' then 'ok'
    else 'alarm'
  end as status,
  case
    when identity ->> 'type' = 'SystemAssigned' then name || ' use managed identity.'
    else name || ' not use managed identity.'
  end as reason
  
  , s.resource_group as resource_group
  , sub.display_name as subscription
from
  azure_search_service as s
  left join azure_subscription sub on s.subscription_id = sub.subscription_id;

Tags

service = Azure/CognitiveSearch