Control: Azure Synapse workspaces should use private link
Description
Azure Private Link lets you connect your virtual network to Azure services without a public IP address at the source or destination. The Private Link platform handles the connectivity between the consumer and services over the Azure backbone network. Mapping private endpoints to an Azure Synapse workspace reduces data leakage risks.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.synapse_workspace_private_link_used
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run azure_compliance.control.synapse_workspace_private_link_used --share
SQL
This control uses a named query:
select
  a.id as resource,
  case
    when private_endpoint_connections @> '[{"privateLinkServiceConnectionStateStatus": "Approved"}]' then 'ok'
    else 'alarm'
  end as status,
  case
    when private_endpoint_connections @> '[{"privateLinkServiceConnectionStateStatus": "Approved"}]' then a.name || ' uses private link.'
    else a.name || ' not uses private link.'
  end as reason
  , a.resource_group as resource_group
  , sub.display_name as subscription
from
  azure_synapse_workspace as a
  left join azure_subscription as sub on sub.subscription_id = a.subscription_id;
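The query above tests only whether at least one element of private_endpoint_connections has the status Approved. The following added example (not part of the mod) applies the same containment test in PostgreSQL to constructed rows, so the edge cases can be checked without an Azure connection, and lists each workspace's connection states for triage. The sample_workspace CTE and the workspace names are hypothetical.

```sql
-- Constructed sample rows standing in for azure_synapse_workspace.
with sample_workspace (name, private_endpoint_connections) as (
  values
    -- one approved private endpoint connection
    ('ws-approved',
     '[{"privateLinkServiceConnectionStateStatus": "Approved"}]'::jsonb),
    -- a connection that was requested but never approved
    ('ws-pending',
     '[{"privateLinkServiceConnectionStateStatus": "Pending"}]'::jsonb),
    -- a rejected connection alongside an approved one
    ('ws-mixed',
     '[{"privateLinkServiceConnectionStateStatus": "Rejected"},
       {"privateLinkServiceConnectionStateStatus": "Approved"}]'::jsonb),
    -- no private endpoint connections at all
    ('ws-empty', '[]'::jsonb),
    -- column not populated; @> yields NULL, so the CASE takes its ELSE branch
    ('ws-null', null::jsonb)
)
select
  name,
  -- Same containment test as the control: true when any array element
  -- contains the key/value pair on the right-hand side.
  case
    when private_endpoint_connections @> '[{"privateLinkServiceConnectionStateStatus": "Approved"}]' then 'ok'
    else 'alarm'
  end as status,
  -- Per-connection states, to show why a workspace is in alarm.
  (
    select string_agg(c ->> 'privateLinkServiceConnectionStateStatus', ', ')
    from jsonb_array_elements(coalesce(private_endpoint_connections, '[]'::jsonb)) as c
  ) as connection_states
from
  sample_workspace
order by
  name;
```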