turbot/steampipe-mod-azure-compliance

Control: Service bus namespace should be configured with Azure Active Directory (Azure AD) authentication

Description

This policy identifies Service Bus namespaces that are not configured with Azure Active Directory (Azure AD) authentication and still have local authentication enabled. Azure AD provides superior security and ease of use over shared access signatures (SAS). With Azure AD, there is no need to store tokens in your code, where they risk becoming a security vulnerability. It is recommended to configure Service Bus namespaces with Azure AD authentication so that all actions are strongly authenticated.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.servicebus_namespace_azure_ad_authentication_enabled

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.servicebus_namespace_azure_ad_authentication_enabled --share

SQL

This control uses a named query:

select
  a.id as resource,
  case
    when a.status = 'Active' and not a.disable_local_auth then 'alarm'
    else 'ok'
  end as status,
  case
    when a.status = 'Active' and not a.disable_local_auth then a.name || ' namespace not configured with Azure AD authentication.'
    else a.name || ' namespace configured with Azure AD authentication.'
  end as reason,
  a.resource_group as resource_group,
  sub.display_name as subscription
from
  azure_servicebus_namespace a,
  azure_subscription sub
where
  -- Match each namespace to its own subscription; without this the comma join is a cross join.
  sub.subscription_id = a.subscription_id;
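
The condition "not disable_local_auth" follows SQL three-valued logic: when the column is null, the expression is null, the "when" branch does not match, and the namespace falls through to "ok". The query below is an added example, not part of the mod; it runs in any PostgreSQL session (including steampipe query) over constructed rows and puts the control's condition next to a null-safe variant that uses "is not true". The sample names and the idea that disable_local_auth can come back null are assumptions, not something this page states.

```sql
-- Added example: constructed rows, not data from a real subscription.
with sample_namespace (name, status, disable_local_auth) as (
  values
    ('ns-aad-only', 'Active',   true),           -- local auth disabled, Azure AD only
    ('ns-sas',      'Active',   false),          -- local (SAS) auth still enabled
    ('ns-unknown',  'Active',   null::boolean),  -- property not reported (assumed case)
    ('ns-inactive', 'Removing', false)           -- not Active, outside the control's scope
)
select
  name,
  status as namespace_status,
  disable_local_auth,
  -- The control's condition as written on this page.
  case
    when status = 'Active' and not disable_local_auth then 'alarm'
    else 'ok'
  end as control_status,
  -- Null-safe variant: anything other than an explicit true counts as
  -- local authentication being enabled.
  case
    when status = 'Active' and disable_local_auth is not true then 'alarm'
    else 'ok'
  end as null_safe_status
from
  sample_namespace
order by
  name;
```

Rows where control_status and null_safe_status differ are namespaces the control would pass without positive evidence that local authentication is disabled.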
