Control: Compute virtual machines should not have a public IP address
Description
Azure compute virtual machines should not have a public IP address directly assigned to it to reduce exposure to internet-based attacks.
Usage
Run the control in your terminal:
powerpipe control run azure_perimeter.control.compute_vm_no_public_ip
Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_perimeter.control.compute_vm_no_public_ip --share
Steampipe Tables
SQL
select vm.id as resource, case when jsonb_array_length(vm.public_ips) = 0 or vm.public_ips is null then 'ok' else 'alarm' end as status, case when jsonb_array_length(vm.public_ips) = 0 or vm.public_ips is null then vm.name || ' does not have public IP addresses.' else vm.name || ' has public IP addresses: ' || array_to_string(array(select jsonb_array_elements_text(vm.public_ips)), ', ') end as reason , vm.resource_group as resource_group , sub.display_name as subscriptionfrom azure_compute_virtual_machine vm, azure_subscription subwhere sub.subscription_id = vm.subscription_id;