Control: Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign
Description
Service Fabric provides three levels of protection (None, Sign and EncryptAndSign) for node-to-node communication using a primary cluster certificate. Set the protection level to ensure that all node-to-node messages are encrypted and digitally signed.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.servicefabric_cluster_protection_level_as_encrypt_and_sign
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run azure_compliance.control.servicefabric_cluster_protection_level_as_encrypt_and_sign --share
SQL
This control uses a named query:
select
  a.id as resource,
  case
    when fabric_settings @> '[{"parameters":[{"value": "EncryptAndSign"}]}]'::jsonb then 'ok'
    else 'alarm'
  end as status,
  case
    when fabric_settings @> '[{"parameters":[{"value": "EncryptAndSign"}]}]'::jsonb then a.name || ' ClusterProtectionLevel property set to EncryptAndSign.'
    else a.name || ' ClusterProtectionLevel property not set to EncryptAndSign.'
  end as reason,
  a.resource_group as resource_group,
  sub.display_name as subscription
from
  azure_service_fabric_cluster a,
  azure_subscription sub;
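The containment test in the named query matches any parameter whose value is EncryptAndSign, whatever the parameter is called. The query below is an added example, not part of the mod's own code: it runs on plain PostgreSQL against constructed rows and compares that predicate with a stricter one that requires the name ClusterProtectionLevel and the value EncryptAndSign in the same parameter object. The sample rows, the parameter name ExampleOtherSetting and the assumption that fabric_settings follows the Service Fabric fabricSettings layout (a "Security" section holding the parameter) are illustrative.

```sql
-- Constructed rows standing in for azure_service_fabric_cluster.
-- Assumption: fabric_settings is an array of sections, each with a
-- "name" and a "parameters" array of {"name", "value"} objects.
with sample (name, fabric_settings) as (
  values
    ('cluster-ok',
     '[{"name":"Security","parameters":[
         {"name":"ClusterProtectionLevel","value":"EncryptAndSign"}]}]'::jsonb),
    ('cluster-sign',
     '[{"name":"Security","parameters":[
         {"name":"ClusterProtectionLevel","value":"Sign"}]}]'::jsonb),
    -- ExampleOtherSetting is a hypothetical parameter name used to show
    -- a value match on the wrong parameter.
    ('cluster-mixed',
     '[{"name":"Security","parameters":[
         {"name":"ClusterProtectionLevel","value":"None"},
         {"name":"ExampleOtherSetting","value":"EncryptAndSign"}]}]'::jsonb),
    -- No fabric settings recorded at all.
    ('cluster-unset', null::jsonb)
)
select
  name,
  -- Predicate as used by the named query: value only.
  case
    when fabric_settings @> '[{"parameters":[{"value":"EncryptAndSign"}]}]'::jsonb
      then 'ok'
    else 'alarm'
  end as value_only_status,
  -- Stricter predicate: jsonb containment must find name and value
  -- together in one element of the Security section's parameters.
  case
    when fabric_settings @> '[{"name":"Security","parameters":[
           {"name":"ClusterProtectionLevel","value":"EncryptAndSign"}]}]'::jsonb
      then 'ok'
    else 'alarm'
  end as name_and_value_status
from
  sample
order by
  name;
```

Rows where the two status columns disagree are clusters the value-only check would pass even though ClusterProtectionLevel itself is not EncryptAndSign.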