turbot/steampipe-mod-azure-perimeter

Control: Container registries should restrict public network access

Description

Azure Container Registries should be configured with private endpoints and network rules to restrict public access.

Usage

Run the control in your terminal:

powerpipe control run azure_perimeter.control.container_registry_restrict_public_network_access

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_perimeter.control.container_registry_restrict_public_network_access --share

Steampipe Tables

SQL

select
r.id as resource,
case
when public_network_access = 'Disabled' then 'ok'
else 'alarm'
end as status,
case
when public_network_access = 'Disabled' then r.name || ' prohibits public network access.'
else r.name || ' allows public network access.'
end as reason
, r.resource_group as resource_group
, sub.display_name as subscription
from
azure_container_registry r,
azure_subscription sub
where
sub.subscription_id = r.subscription_id;

Tags