Azure and GCP Perimeter Security, CIS Updates, and Enhanced Plugins →
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-azure-compliance
Overview
16Dashboards
1651Benchmarks
486Queries
8Variables
GitHub

Control: Recovery Services vaults should use managed identity

Description

Recovery Services vaults should use a managed identity for enhanced authentication security.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.recovery_service_vault_uses_managed_identity

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.recovery_service_vault_uses_managed_identity --share

SQL

This control uses a named query:

select
  s.id as resource,
  case
    when identity is null or identity ->> 'type' = 'None' then 'alarm'
    else 'ok'
  end as status,
  case
    when identity is null or identity ->> 'type' = 'None' then name || ' not uses managed identity.'
    else name || ' uses managed identity.'
  end as reason
  
  , s.resource_group as resource_group
  , sub.display_name as subscription
from
  azure_recovery_services_vault as s
  left join azure_subscription as sub on sub.subscription_id = s.subscription_id;

Tags

service = Azure/RecoveryServices