Control: Blob versioning should be enabled for storage accounts
Description
Ensure that blob versioning is enabled to allow automatic retention of previous versions of objects, which helps recover data in case of accidental deletion or overwrite.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.storage_account_blob_versioning_enabledSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.storage_account_blob_versioning_enabled --shareSQL
This control uses a named query:
select sa.id as resource, case when bs.is_versioning_enabled then 'ok' else 'alarm' end as status, case when bs.is_versioning_enabled then sa.name || ' has blob versioning enabled.' else sa.name || ' has blob versioning disabled.' end as reason , sa.resource_group as resource_group , sub.display_name as subscriptionfrom azure_storage_account as sa left join azure_storage_blob_service as bs on sa.name = bs.storage_account_name left join azure_subscription sub on sub.subscription_id = sa.subscription_id