Azure and GCP Perimeter Security, CIS Updates, and Enhanced Plugins →
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-azure-compliance
Overview
16Dashboards
1651Benchmarks
486Queries
8Variables
GitHub

Control: Ensure 'No Public IP' is set to 'Enabled'

Description

Enable secure cluster connectivity (also known as no public IP) on Azure Databricks workspaces to ensure that clusters do not have public IP addresses and communicate with the control plane over a secure connection.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.databricks_workspace_no_public_ip_enabled

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.databricks_workspace_no_public_ip_enabled --share

SQL

This control uses a named query:

select
  a.id as resource,
  case
    when (parameters -> 'enableNoPublicIp' -> 'value')::bool then 'ok'
    else 'alarm'
  end as status,
  case
    when (parameters -> 'enableNoPublicIp' -> 'value')::bool then a.name || ' no public IP enabled.'
    else a.name || ' no public IP disabled.'
  end as reason
  
  , a.resource_group as resource_group
  , sub.display_name as subscription
from
  azure_databricks_workspace as a
  left join azure_subscription as sub on sub.subscription_id = a.subscription_id;

Tags

service = Azure/Databricks