turbot/steampipe-mod-azure-compliance

Control: Soft delete for Azure File Shares should be enabled

Description

Enable soft delete for Azure File Shares so that a share deleted by mistake by an application or user can be restored within the configured retention period (1 to 365 days) instead of being lost permanently.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.storage_account_file_share_soft_delete_enabled

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.storage_account_file_share_soft_delete_enabled --share

SQL

This control uses a named query:

-- Storage accounts that actually host at least one file share; accounts
-- without a share are reported as 'skip' rather than 'alarm'.
with storage_account_with_file_share as (
  select
    distinct storage_account_name,
    subscription_id,
    resource_group
  from
    azure_storage_share_file
)
select
  sa.id as resource,
  -- 'ok' requires soft delete to be on AND the retention to be in the range
  -- Azure accepts (1-365 days); anything else, including null settings, alarms.
  case
    when fs.storage_account_name is null then 'skip'
    when file_soft_delete_enabled and file_soft_delete_retention_days between 1 and 365 then 'ok'
    else 'alarm'
  end as status,
  case
    when fs.storage_account_name is null then name || ' does not have file share.'
    when not file_soft_delete_enabled then name || ' file share soft delete disabled.'
    when file_soft_delete_retention_days < 1 or file_soft_delete_retention_days > 365
      then name || ' file share soft delete retention days (' || file_soft_delete_retention_days || ') not between 1 and 365.'
    else name || ' file share soft delete enabled with ' || file_soft_delete_retention_days || ' days retention.'
  end as reason,
  sa.resource_group as resource_group,
  sub.display_name as subscription
from
  azure_storage_account sa
  -- join on all three identifiers so same-named accounts in different
  -- subscriptions or resource groups are not conflated
  left join storage_account_with_file_share as fs
    on sa.name = fs.storage_account_name
    and sa.subscription_id = fs.subscription_id
    and sa.resource_group = fs.resource_group
  left join azure_subscription sub on sub.subscription_id = sa.subscription_id;
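
To exercise every branch of this query without a live subscription or a running Steampipe service, the following added example (not part of the mod or the Steampipe Azure plugin) loads constructed rows into an in-memory SQLite database shaped like the three tables the control reads and runs the control's SQL against them. SQLite stands in for Steampipe's Postgres engine; the boolean column is modelled as 1/0 integers (an assumption), and the `||`, `between` and null semantics the query depends on behave the same in both. All account names, resource ids and the subscription are constructed.

```python
"""Offline harness for the file-share soft-delete control.

Added example, not part of steampipe-mod-azure-compliance. Constructed
rows are loaded into SQLite tables named and shaped like the Steampipe
tables the control queries, then the control's SQL is run unchanged.
"""
import sqlite3

# The control's named query, copied from the mod (whitespace only reformatted).
CONTROL_SQL = """
with storage_account_with_file_share as (
  select distinct storage_account_name, subscription_id, resource_group
  from azure_storage_share_file
)
select
  sa.id as resource,
  case
    when fs.storage_account_name is null then 'skip'
    when file_soft_delete_enabled and file_soft_delete_retention_days between 1 and 365 then 'ok'
    else 'alarm'
  end as status,
  case
    when fs.storage_account_name is null then name || ' does not have file share.'
    when not file_soft_delete_enabled then name || ' file share soft delete disabled.'
    when file_soft_delete_retention_days < 1 or file_soft_delete_retention_days > 365
      then name || ' file share soft delete retention days (' || file_soft_delete_retention_days || ') not between 1 and 365.'
    else name || ' file share soft delete enabled with ' || file_soft_delete_retention_days || ' days retention.'
  end as reason,
  sa.resource_group as resource_group,
  sub.display_name as subscription
from azure_storage_account sa
left join storage_account_with_file_share as fs
  on sa.name = fs.storage_account_name
  and sa.subscription_id = fs.subscription_id
  and sa.resource_group = fs.resource_group
left join azure_subscription sub on sub.subscription_id = sa.subscription_id
"""

SUB = "00000000-0000-0000-0000-000000000000"  # constructed subscription id

# Constructed storage accounts: (id, name, subscription_id, resource_group,
# file_soft_delete_enabled, file_soft_delete_retention_days). Booleans are
# modelled as 1/0 because SQLite has no boolean type (assumption).
ACCOUNTS = [
    ("/sub/x/rg/prod/sa/saok",       "saok",       SUB, "prod", 1, 7),     # compliant
    ("/sub/x/rg/prod/sa/sadisabled", "sadisabled", SUB, "prod", 0, 7),     # soft delete off
    ("/sub/x/rg/prod/sa/salong",     "salong",     SUB, "prod", 1, 400),   # retention out of range
    ("/sub/x/rg/prod/sa/sanoshare",  "sanoshare",  SUB, "prod", 0, 0),     # hosts no file share
    ("/sub/x/rg/prod/sa/sanull",     "sanull",     SUB, "prod", None, None),  # settings not reported
]
# Constructed file shares: (name, storage_account_name, subscription_id, resource_group).
SHARES = [
    ("data",  "saok",       SUB, "prod"),
    ("data2", "saok",       SUB, "prod"),  # second share: the CTE's distinct must collapse it
    ("data",  "sadisabled", SUB, "prod"),
    ("data",  "salong",     SUB, "prod"),
    ("data",  "sanull",     SUB, "prod"),
]


def build_db(accounts=ACCOUNTS, shares=SHARES):
    """Create the three Steampipe-shaped tables in memory and load the rows."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        create table azure_storage_account (
          id text, name text, subscription_id text, resource_group text,
          file_soft_delete_enabled integer, file_soft_delete_retention_days integer);
        create table azure_storage_share_file (
          name text, storage_account_name text, subscription_id text, resource_group text);
        create table azure_subscription (subscription_id text, display_name text);
    """)
    con.executemany("insert into azure_storage_account values (?,?,?,?,?,?)", accounts)
    con.executemany("insert into azure_storage_share_file values (?,?,?,?)", shares)
    con.execute("insert into azure_subscription values (?,?)", (SUB, "Production"))
    return con


def run_control(con=None):
    """Run the control SQL; return {account name: (status, reason)}.

    The account name is the last segment of the constructed resource id.
    """
    con = con or build_db()
    rows = con.execute(CONTROL_SQL).fetchall()
    return {r[0].rsplit("/", 1)[-1]: (r[1], r[2]) for r in rows}


if __name__ == "__main__":
    for account, (status, reason) in run_control().items():
        print(f"{status:5}  {account:11}  {reason}")
```

Two results are worth noting when reading real output. Each account appears exactly once even when it hosts several shares, because the CTE deduplicates before the join. And for an account whose soft-delete settings come back as null (the `sanull` row), the control correctly alarms, but the `reason` concatenates to null and renders as an empty cell in a dashboard, so an empty reason next to an alarm should be read as "settings not reported", not as a display glitch.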

Tags