Control: Private endpoints should be used to access storage accounts
Description
Use private endpoints for your Azure Storage accounts to allow clients and services to securely access data over a private network.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.storage_account_private_endpoint_enabledSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.storage_account_private_endpoint_enabled --shareSQL
This control uses a named query:
select sa.id as resource, case when private_endpoint_connections is not null and jsonb_array_length(private_endpoint_connections) > 0 then 'ok' else 'alarm' end as status, case when private_endpoint_connections is null then name || ' has no private endpoint connections configured.' when jsonb_array_length(private_endpoint_connections) = 0 then name || ' has no private endpoint connections.' else name || ' has ' || jsonb_array_length(private_endpoint_connections) || ' private endpoint connection(s).' end as reason , sa.resource_group as resource_group , sub.display_name as subscriptionfrom azure_storage_account sa, azure_subscription subwhere sub.subscription_id = sa.subscription_id;