turbot/steampipe-mod-azure-compliance

Control: Azure Spring Cloud should use network injection

Description

Azure Spring Cloud instances should use virtual network injection for the following purposes:

1. Isolate Azure Spring Cloud from the Internet.
2. Enable Azure Spring Cloud to interact with systems in either on-premises data centers or Azure services in other virtual networks.
3. Empower customers to control inbound and outbound network communications for Azure Spring Cloud.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.spring_cloud_service_network_injection_enabled

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.spring_cloud_service_network_injection_enabled --share

SQL

This control uses a named query:

select
  distinct a.name as resource,
  case
    when sku_tier <> 'Standard' then 'skip'
    when sku_tier = 'Standard' and network_profile ->> 'ServiceRuntimeSubnetID' is not null then 'ok'
    else 'alarm'
  end as status,
  case
    when sku_tier <> 'Standard' then a.name || ' is of ' || sku_tier || ' tier.'
    when sku_tier = 'Standard' and network_profile ->> 'ServiceRuntimeSubnetID' is not null then a.name || ' network injection enabled.'
    else a.name || ' network injection disabled.'
  end as reason
  , a.resource_group as resource_group
  , sub.display_name as subscription
from
  azure_spring_cloud_service as a,
  azure_subscription as sub
where
  sub.subscription_id = a.subscription_id;
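
The control's status logic run against constructed rows, as an added example that is not part of the mod: it shows how the CASE expression classifies a missing key, a JSON null, an empty string and a NULL tier. It assumes plain PostgreSQL with `jsonb`; the `sample` CTE and every name and value in it are hypothetical.

```sql
-- Added example: every row below is constructed, none is a real resource.
with sample (name, sku_tier, network_profile) as (
  values
    -- Standard tier with a runtime subnet set
    ('svc-injected', 'Standard', '{"ServiceRuntimeSubnetID": "constructed-subnet-id"}'::jsonb),
    -- Standard tier, profile present but without the key
    ('svc-no-key', 'Standard', '{}'::jsonb),
    -- Standard tier, key holds JSON null (->> turns it into SQL NULL)
    ('svc-json-null', 'Standard', '{"ServiceRuntimeSubnetID": null}'::jsonb),
    -- Standard tier, no network profile at all
    ('svc-no-profile', 'Standard', null::jsonb),
    -- Standard tier, key holds an empty string (not NULL, so the presence test passes)
    ('svc-empty-id', 'Standard', '{"ServiceRuntimeSubnetID": ""}'::jsonb),
    -- Any tier other than Standard
    ('svc-basic', 'Basic', '{}'::jsonb),
    -- Tier unknown: NULL <> 'Standard' is NULL, so the first branch does not match
    ('svc-null-tier', null, '{}'::jsonb)
)
select
  name as resource,
  -- Same CASE expression as the control's status column
  case
    when sku_tier <> 'Standard' then 'skip'
    when sku_tier = 'Standard' and network_profile ->> 'ServiceRuntimeSubnetID' is not null then 'ok'
    else 'alarm'
  end as status
from
  sample
order by
  name;
```

The empty-string and NULL-tier rows are the ones to compare against real data: the control tests only that the key is non-NULL, and a service whose tier is unknown falls through to the `else` branch.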

Tags