turbot/steampipe-mod-terraform-azure-compliance

Control: App Service should use a virtual network service endpoint

Description

This policy audits any App Service not configured to use a virtual network service endpoint.

Usage

Run the control in your terminal:

powerpipe control run terraform_azure_compliance.control.appservice_web_app_use_virtual_service_endpoint

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run terraform_azure_compliance.control.appservice_web_app_use_virtual_service_endpoint --share

SQL

This control uses a named query:

with app_service as (
  select
    '${azurerm_app_service.' || name || '.id}' as id,
    *
  from
    terraform_resource
  where
    type = 'azurerm_app_service'
), app_service_vnet as (
  select
    *
  from
    terraform_resource
  where
    type = 'azurerm_app_service_slot_virtual_network_swift_connection'
    and (attributes_std ->> 'subnet_id') is not null
)
select
  a.address as resource,
  case
    when (s.attributes_std ->> 'app_service_id') is null then 'alarm'
    else 'ok'
  end as status,
  split_part(a.address, '.', 2) || case
    when (s.attributes_std ->> 'app_service_id') is null then ' not configured with virtual network service endpoint'
    else ' configured with virtual network service endpoint'
  end || '.' reason
  , a.path || ':' || a.start_line
from
  app_service as a
  left join app_service_vnet as s on a.id = (s.attributes_std ->> 'app_service_id');
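
A Terraform configuration that this query would evaluate, as an added example that is not part of the mod or its documentation. Resource names, locations and the <...> IDs are constructed placeholders, and the example assumes the Terraform plugin exposes a resource reference in attributes_std as the string ${azurerm_app_service.<name>.id}, which is the form the query's join compares against.

```hcl
# Constructed example: all names, locations and <...> IDs are placeholders.

# alarm: no swift connection resource references this app service.
resource "azurerm_app_service" "web_open" {
  name                = "example-web-open"
  location            = "westeurope"
  resource_group_name = "example-rg"
  app_service_plan_id = "<app-service-plan-id>"
}

# ok: the swift connection below has a subnet_id and points at this resource.
resource "azurerm_app_service" "web_vnet" {
  name                = "example-web-vnet"
  location            = "westeurope"
  resource_group_name = "example-rg"
  app_service_plan_id = "<app-service-plan-id>"
}

resource "azurerm_app_service_slot_virtual_network_swift_connection" "web_vnet" {
  slot_name = "staging"
  # Direct reference, so it can match the id the query builds:
  # '${azurerm_app_service.web_vnet.id}' (assumed plugin rendering).
  app_service_id = azurerm_app_service.web_vnet.id
  subnet_id      = "<subnet-id>"
}

# alarm: the connection exists, but a hard-coded ID never equals the
# '${azurerm_app_service.web_literal.id}' string, so the left join finds no row.
resource "azurerm_app_service" "web_literal" {
  name                = "example-web-literal"
  location            = "westeurope"
  resource_group_name = "example-rg"
  app_service_plan_id = "<app-service-plan-id>"
}

resource "azurerm_app_service_slot_virtual_network_swift_connection" "web_literal" {
  slot_name      = "staging"
  app_service_id = "<hard-coded-app-service-id>"
  subnet_id      = "<subnet-id>"
}
```

The query counts only resources of type azurerm_app_service_slot_virtual_network_swift_connection, so an app service integrated through any other resource type, a variable or a module output is still reported as alarm and needs manual review.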

Tags