Control: Event Hub should use a virtual network service endpoint
Description
This policy audits any Event Hub namespace (azurerm_eventhub_namespace) that is not configured to use a virtual network service endpoint, that is, one whose network_rulesets block does not bind at least one subnet through a virtual_network_rule.
Usage
Run the control in your terminal:
powerpipe control run terraform_azure_compliance.control.eventhub_namespace_use_virtual_service_endpoint
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run terraform_azure_compliance.control.eventhub_namespace_use_virtual_service_endpoint --share
SQL
This control uses a named query. It reports alarm when the namespace has no network_rulesets block, and ok only when a virtual_network_rule with a subnet_id is present. Because the parsed block can appear in attributes_std either as an array (unnested in the eventhub_namespaces_subnet CTE) or as a single object (checked directly in the select), both shapes are handled:
with eventhub_namespaces as (
  select
    *
  from
    terraform_resource
  where
    type = 'azurerm_eventhub_namespace'
),
eventhub_namespaces_subnet as (
  select
    distinct address
  from
    eventhub_namespaces as a,
    jsonb_array_elements(attributes_std -> 'network_rulesets') as rule
  where
    jsonb_typeof(attributes_std -> 'network_rulesets') = 'array'
    and (rule -> 'virtual_network_rule' ->> 'subnet_id') is not null
)
select
  a.address as resource,
  case
    when (attributes_std -> 'network_rulesets') is null then 'alarm'
    when (s.address is not null)
      or ((attributes_std -> 'network_rulesets' -> 'virtual_network_rule' -> 'subnet_id') is not null) then 'ok'
    else 'alarm'
  end as status,
  split_part(a.address, '.', 2) || case
    when (attributes_std -> 'network_rulesets') is null then ' ''network_rulesets'' is not defined'
    when (s.address is not null)
      or ((attributes_std -> 'network_rulesets' -> 'virtual_network_rule' -> 'subnet_id') is not null) then ' configured with virtual network service endpoint'
    else ' not configured with virtual network service endpoint'
  end || '.' as reason,
  path || ':' || start_line
from
  eventhub_namespaces as a
  left join eventhub_namespaces_subnet as s on a.address = s.address;
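The following Terraform is an added example and is not part of the terraform_azure_compliance mod or its documentation. It shows the two resource shapes the query above distinguishes: a namespace with no network_rulesets block, which the control reports as alarm, and one that denies traffic by default and binds a subnet through a virtual_network_rule, which it reports as ok. The resource group, virtual network, subnet, namespace names, location and address ranges are placeholders chosen for this example.

```hcl
# Added example, not code from the terraform_azure_compliance mod.
# All names, the location and the address ranges are placeholders.

resource "azurerm_resource_group" "example" {
  name     = "rg-eventhub-example"
  location = "westeurope"
}

resource "azurerm_virtual_network" "example" {
  name                = "vnet-eventhub-example"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  address_space       = ["10.10.0.0/16"]
}

# The subnet needs the Microsoft.EventHub service endpoint; without it
# Azure rejects the virtual_network_rule below unless
# ignore_missing_virtual_network_service_endpoint is set on the rule.
resource "azurerm_subnet" "eventhub" {
  name                 = "snet-eventhub"
  resource_group_name  = azurerm_resource_group.example.name
  virtual_network_name = azurerm_virtual_network.example.name
  address_prefixes     = ["10.10.1.0/24"]
  service_endpoints    = ["Microsoft.EventHub"]
}

# Reported as alarm: no network_rulesets block, so no subnet is bound
# and the namespace accepts traffic from any network.
resource "azurerm_eventhub_namespace" "open" {
  name                = "ehns-open-example"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  sku                 = "Standard"
}

# Reported as ok: traffic is denied by default and only the subnet
# reached through the service endpoint may talk to the namespace.
# Network rule sets require the Standard or Premium SKU.
resource "azurerm_eventhub_namespace" "restricted" {
  name                = "ehns-restricted-example"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  sku                 = "Standard"

  network_rulesets {
    default_action = "Deny"

    virtual_network_rule {
      subnet_id = azurerm_subnet.eventhub.id
    }
  }
}
```

Note what the control does not check: it passes as soon as any virtual_network_rule carries a subnet_id, so a namespace with default_action = "Allow" plus a subnet rule is still reported as ok even though it remains reachable from the internet. Treat this control as one half of the picture and pair it with a check that default_action is "Deny" (or that public network access is disabled) before relying on it as evidence of network isolation.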