turbot/steampipe-mod-azure-perimeter

Control: Network interfaces should not have a public IP address

Description

To minimize internet exposure, Azure network interfaces should not be assigned public IP addresses unless the workload explicitly requires one.

Usage

Run the control in your terminal:

powerpipe control run azure_perimeter.control.network_interface_not_attached_to_public_ip

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_perimeter.control.network_interface_not_attached_to_public_ip --share

Steampipe Tables

SQL

with nic_public_ips as (
  select
    ni.id,
    ni.name,
    ni.tags,
    ni.resource_group,
    ni._ctx,
    ni.region,
    ni.subscription_id,
    case
      when jsonb_path_exists(ni.ip_configurations, '$[*].properties.publicIPAddress.id') then 'has_public_ip'
      else 'no_public_ip'
    end as public_ip_status
  from
    azure_network_interface ni
)
select
  nip.id as resource,
  case
    when public_ip_status = 'no_public_ip' then 'ok'
    else 'alarm'
  end as status,
  case
    when public_ip_status = 'no_public_ip' then nip.name || ' does not have public IP addresses.'
    else nip.name || ' has public IP addresses assigned.'
  end as reason
  , nip.resource_group as resource_group
  , sub.display_name as subscription
from
  nic_public_ips nip,
  azure_subscription sub
where
  sub.subscription_id = nip.subscription_id;
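
The control query above reports one alarm per interface but not which IP configuration carries the public IP. The following triage query is an added example, not part of the mod: it returns one row per IP configuration that references a public IP resource. It assumes the Azure plugin's azure_public_ip table with id and ip_address columns, and that each ip_configurations element has a name and a properties.privateIPAddress field.

```sql
-- Added triage example (not part of the mod): one row per IP configuration
-- that references a public IP resource.
select
  ni.name as nic_name,
  ni.resource_group,
  ni.subscription_id,
  -- Assumption: each element carries "name" and "properties.privateIPAddress".
  cfg ->> 'name' as ip_configuration,
  cfg -> 'properties' ->> 'privateIPAddress' as private_ip,
  -- Same path the control tests with jsonb_path_exists.
  cfg -> 'properties' -> 'publicIPAddress' ->> 'id' as public_ip_id,
  -- Assumption: azure_public_ip exposes id and ip_address.
  pip.ip_address as public_ip_address
from
  azure_network_interface ni
  -- Expand the JSON array so each IP configuration becomes its own row.
  cross join lateral jsonb_array_elements(ni.ip_configurations) as cfg
  left join azure_public_ip pip
    -- Azure resource IDs are case-insensitive, so compare in lower case.
    on lower(pip.id) = lower(cfg -> 'properties' -> 'publicIPAddress' ->> 'id')
where
  cfg -> 'properties' -> 'publicIPAddress' ->> 'id' is not null
order by
  ni.subscription_id,
  ni.resource_group,
  ni.name;
```

Because of the left join, public_ip_address is null when the referenced public IP resource is not visible to the connection or has no address allocated.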

Tags