🚀 Launch Week 10, September 22nd - 26th, 2025 🚀
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-azure-perimeter
Overview
2Dashboards
14Benchmarks
0Queries
3Variables
GitHub

Control: SQL servers should restrict public network access

Description

Azure SQL servers should be configured to restrict public network access through firewall rules, virtual network rules, private endpoints, or by disabling public network access entirely.

Usage

Run the control in your terminal:

powerpipe control run azure_perimeter.control.sql_server_restrict_public_network_access

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_perimeter.control.sql_server_restrict_public_network_access --share

Steampipe Tables

azure_sql_server
azure_subscription
Azure plugin

SQL

  select
    s.id as resource,
  case
    when public_network_access = 'Disabled' then 'ok'
    else 'alarm'
  end as status,
  case
    when public_network_access = 'Disabled' then s.name || ' has public network access disabled.'
    else s.name || ' has public network access enabled.'
  end as reason
  
  , s.resource_group as resource_group
  , sub.display_name as subscription
from
  azure_sql_server s,
  azure_subscription sub
where
  sub.subscription_id = s.subscription_id;

Tags

category = Perimeter
plugin = azure
service = Azure/SQL