Control: Container registries should restrict public network access

Description

Azure Container Registries should be configured with private endpoints and network rules to restrict public access.

Usage

Run the control in your terminal:

powerpipe control run azure_perimeter.control.container_registry_restrict_public_network_access

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_perimeter.control.container_registry_restrict_public_network_access --share

Steampipe Tables

azure_container_registry

azure_subscription

SQL

select
  r.id as resource,
  case
    when public_network_access = 'Disabled' then 'ok'
    else 'alarm'
  end as status,
  case
    when public_network_access = 'Disabled' then r.name || ' prohibits public network access.'
    else r.name || ' allows public network access.'
  end as reason
  
  , r.resource_group as resource_group
  , sub.display_name as subscription
from
  azure_container_registry r,
  azure_subscription sub
where
  sub.subscription_id = r.subscription_id;

Control: Container registries should restrict public network access

Description

Usage

Steampipe Tables

SQL

Tags