Control: API Management services should use a virtual network
Description
Deploying API Management into an Azure Virtual Network provides enhanced security and isolation, and allows you to place your API Management service in a non-internet-routable network that you control access to. These networks can then be connected to your on-premises networks using various VPN technologies, which enables access to your backend services within the network and/or on-premises. The developer portal and API gateway can be configured to be accessible either from the Internet or only within the virtual network.
Usage
Run the control in your terminal:
powerpipe control run terraform_azure_compliance.control.apimanagement_service_with_virtual_network
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run terraform_azure_compliance.control.apimanagement_service_with_virtual_network --share
SQL
This control uses a named query:
select
  address as resource,
  case
    when (attributes_std -> 'virtual_network_type') is null then 'alarm'
    when (attributes_std ->> 'virtual_network_type')::text <> 'None' then 'ok'
    else 'alarm'
  end status,
  split_part(address, '.', 2) || case
    when (attributes_std -> 'virtual_network_type') is null then ' ''virtual_network_type'' is not set'
    else ' virtual network is set to ' || (attributes_std ->> 'virtual_network_type')
  end || '.' reason
  , path || ':' || start_line
from
  terraform_resource
where
  type = 'azurerm_api_management';
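The three branches of the query, shown as Terraform resources it would evaluate. This is an added example, not part of the control or its mod; the resource names, resource group, publisher details and the subnet ID variable are hypothetical placeholders.

```hcl
# Constructed example: all names and values below are placeholders.
variable "apim_subnet_id" {
  type        = string
  description = "ID of an existing subnet reserved for API Management (assumed)"
}

locals {
  location = "westeurope"      # placeholder region
  rg_name  = "rg-apim-example" # placeholder resource group
}

# alarm: 'virtual_network_type' is absent, so the first CASE branch matches.
resource "azurerm_api_management" "unset" {
  name                = "apim-example-unset"
  location            = local.location
  resource_group_name = local.rg_name
  publisher_name      = "Example Publisher"
  publisher_email     = "apim-owner@example.com"
  sku_name            = "Developer_1"
}

# alarm: the attribute is present but equals 'None' (falls through to ELSE).
resource "azurerm_api_management" "none" {
  name                 = "apim-example-none"
  location             = local.location
  resource_group_name  = local.rg_name
  publisher_name       = "Example Publisher"
  publisher_email      = "apim-owner@example.com"
  sku_name             = "Developer_1"
  virtual_network_type = "None"
}

# ok: the attribute is set to a value other than 'None'.
resource "azurerm_api_management" "internal" {
  name                 = "apim-example-internal"
  location             = local.location
  resource_group_name  = local.rg_name
  publisher_name       = "Example Publisher"
  publisher_email      = "apim-owner@example.com"
  sku_name             = "Premium_1"
  virtual_network_type = "Internal"

  # Gateway and developer portal are reachable only inside this subnet's network.
  virtual_network_configuration {
    subnet_id = var.apim_subnet_id
  }
}
```

The query only tests for a value other than 'None', so a service set to "External" also returns ok even though its gateway remains reachable from the Internet.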