Azure and GCP Perimeter Security, CIS Updates, and Enhanced Plugins →
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-azure-compliance
Overview
15Dashboards
1471Benchmarks
461Queries
8Variables
GitHub

Benchmark: 2.2.2.1 Ensure Private Endpoints are used to access {service}

Overview

Use private endpoints to allow clients and services to securely access data located over a network via an encrypted Private Link. To do this, the private endpoint uses an IP address from the VNet for each service. Network traffic between disparate services securely traverses encrypted over the VNet. This VNet can also link addressing space, extending your network and accessing resources on it. Similarly, it can be a tunnel through public networks to connect remote infrastructures together. This creates further security through segmenting network traffic and preventing outside sources from accessing it.

Securing traffic between services through encryption protects the data from easy interception and reading.

Default Value

By default, Private Endpoints are not created for services.

Usage

Install the mod:

mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-azure-compliance

Start the Powerpipe server:

steampipe service start
powerpipe server

Open http://localhost:9033 in your browser and select 2.2.2.1 Ensure Private Endpoints are used to access {service}.

Run this benchmark in your terminal:

powerpipe benchmark run azure_compliance.benchmark.cis_v400_2_2_2_1

Snapshot and share results via Turbot Pipes:

powerpipe benchmark run azure_compliance.benchmark.cis_v400_2_2_2_1 --share

Controls

Tags

category = Compliance
cis = true
cis_item_id = 2.2.2.1
cis_level = 2
cis_section_id = 2.2.2
cis_type = automated
cis_version = v4.0.0
plugin = azure
service = Azure