turbot/steampipe-mod-azure-compliance

Control: Deploy network watcher when virtual networks are created

Description

This policy creates a network watcher resource in regions with virtual networks. You need to ensure the existence of a resource group named networkWatcherRG, which will be used to deploy network watcher instances.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.network_watcher_in_regions_with_virtual_network

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.network_watcher_in_regions_with_virtual_network --share

SQL

This control uses a named query:

select
  a.id as resource,
  -- 'ok' only when a watcher in the same region lives in networkWatcherRG
  case
    when b.region is null then 'alarm'
    when lower(b.resource_group) = 'networkwatcherrg' then 'ok'
    else 'alarm'
  end as status,
  case
    when b.region is null then 'Network watcher does not exist in region ' || a.region || '.'
    when lower(b.resource_group) = 'networkwatcherrg' then b.name || ' exists in networkWatcherRG resource group.'
    else b.name || ' does not exist in networkWatcherRG resource group.'
  end as reason,
  a.resource_group as resource_group,
  sub.display_name as subscription
from
  azure_virtual_network as a
  -- watchers are matched to virtual networks by region
  left join azure_network_watcher as b on a.region = b.region
  left join azure_subscription as sub on sub.subscription_id = a.subscription_id;
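
The named query matches watchers to virtual networks on region only and returns one row per virtual network and watcher pair. As an added example (not the mod's own query), the variant below also matches on subscription_id and returns one row per subscription and region, which reads as a remediation list when the connection spans several subscriptions. It assumes azure_network_watcher exposes a subscription_id column like the other tables used above.

```sql
-- Added example, not the mod's named query.
-- One row per (subscription, region) that contains a virtual network,
-- with the watcher lookup scoped to the same subscription.
with vnet_regions as (
  select subscription_id, region, count(*) as vnet_count
  from azure_virtual_network
  group by subscription_id, region
),
watchers as (
  select
    subscription_id,  -- assumed column, see lead-in
    region,
    -- true when at least one watcher in the region lives in networkWatcherRG
    bool_or(lower(resource_group) = 'networkwatcherrg') as in_expected_rg,
    string_agg(name, ', ' order by name) as watcher_names
  from azure_network_watcher
  group by subscription_id, region
)
select
  sub.display_name as subscription,
  v.region,
  v.vnet_count,
  w.watcher_names,
  case
    when w.region is null then 'alarm'
    when w.in_expected_rg then 'ok'
    else 'alarm'
  end as status,
  case
    when w.region is null then 'No network watcher in region ' || v.region || '.'
    when w.in_expected_rg then 'Network watcher present in networkWatcherRG.'
    else w.watcher_names || ' not in networkWatcherRG resource group.'
  end as reason
from
  vnet_regions as v
  left join watchers as w
    on w.subscription_id = v.subscription_id
    and w.region = v.region
  left join azure_subscription as sub
    on sub.subscription_id = v.subscription_id
order by status, subscription, v.region;
```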

Tags