Control: Network interfaces should not have a public IP address
Description
To minimize internet exposure, Azure network interfaces should not be assigned public IP addresses unless the workload explicitly requires them.
Usage
Run the control in your terminal:
powerpipe control run azure_perimeter.control.network_interface_not_attached_to_public_ip
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run azure_perimeter.control.network_interface_not_attached_to_public_ip --share
Steampipe Tables
SQL
with nic_public_ips as (
  select
    ni.id,
    ni.name,
    ni.tags,
    ni.resource_group,
    ni._ctx,
    ni.region,
    ni.subscription_id,
    case
      when jsonb_path_exists(ni.ip_configurations, '$[*].properties.publicIPAddress.id') then 'has_public_ip'
      else 'no_public_ip'
    end as public_ip_status
  from
    azure_network_interface ni
)
select
  nip.id as resource,
  case
    when public_ip_status = 'no_public_ip' then 'ok'
    else 'alarm'
  end as status,
  case
    when public_ip_status = 'no_public_ip' then nip.name || ' does not have public IP addresses.'
    else nip.name || ' has public IP addresses assigned.'
  end as reason,
  nip.resource_group as resource_group,
  sub.display_name as subscription
from
  nic_public_ips nip,
  azure_subscription sub
where
  sub.subscription_id = nip.subscription_id;
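The control reports one row per interface, so an alarm does not say which IP configuration holds the public address. The follow-up query below is an added example, not part of the control: it reuses the control's tables and JSON path to list each offending IP configuration, and assumes every element of ip_configurations carries a top-level "name" field.

```sql
-- Added triage example (not part of the control).
-- Expands ip_configurations so each IP configuration that references
-- a public IP resource is returned as its own row.
select
  ni.id as nic_id,
  ni.name as nic_name,
  ni.resource_group,
  sub.display_name as subscription,
  -- Assumption: each array element has a top-level "name" field.
  ipc ->> 'name' as ip_configuration,
  -- Same path the control tests with jsonb_path_exists.
  ipc -> 'properties' -> 'publicIPAddress' ->> 'id' as public_ip_resource_id
from
  azure_network_interface as ni
  -- One row per element; interfaces with a null array yield no rows.
  cross join lateral jsonb_array_elements(ni.ip_configurations) as ipc
  join azure_subscription as sub on sub.subscription_id = ni.subscription_id
where
  ipc -> 'properties' -> 'publicIPAddress' ->> 'id' is not null
order by
  sub.display_name,
  ni.resource_group,
  ni.name;
```

Run it with steampipe query against the same connection the control uses; every interface it returns is one the control marks as alarm.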