turbot/steampipe-mod-azure-compliance

Query: storage_account_uses_private_link

Usage

powerpipe query azure_compliance.query.storage_account_uses_private_link

SQL

with storage_account_connection as (
select
a.id,
a.name,
count(*) as total_connections,
count(case when connection -> 'properties' -> 'privateLinkServiceConnectionState' ->> 'status' = 'Approved' then 1 end) as approved_connections,
count(case when connection -> 'properties' -> 'privateLinkServiceConnectionState' ->> 'status' != 'Approved' then 1 end) as non_approved_connections
from
azure_storage_account as a,
jsonb_array_elements(private_endpoint_connections) as connection
where
private_endpoint_connections is not null
and jsonb_array_length(private_endpoint_connections) > 0
group by
a.id, a.name
)
select
distinct a.id as resource,
case
when jsonb_array_length(private_endpoint_connections) = 0 then 'alarm'
when s.approved_connections > 0 and s.non_approved_connections = 0 then 'ok'
when s.non_approved_connections > 0 then 'alarm'
end as status,
case
when jsonb_array_length(private_endpoint_connections) = 0 then a.name || ' not uses private link.'
when s.approved_connections > 0 and s.non_approved_connections = 0 then a.name || ' uses approved private link(s).'
else a.name || ' has non approved private link(s).'
end as reason
, a.resource_group as resource_group
, sub.display_name as subscription
from
azure_storage_account as a
left join storage_account_connection as s on a.id = s.id
left join azure_subscription as sub on sub.subscription_id = a.subscription_id;

Controls

The query is being used by the following controls: