Use files, branches, or tags for mod dependencies →
Powerpipe Hub 
Hub
Mods
turbot/terraform_azure_compliance
Overview
46Dashboards
291Controls
291Queries
2Variables
GitHub

Query: sql_database_allow_internet_access

Usage

powerpipe query terraform_azure_compliance.query.sql_database_allow_internet_access

Steampipe Tables

terraform_resource
Terraform plugin

SQL

select
  address as resource,
  case
    when
      coalesce(trim(attributes_std ->> 'start_ip_address'), '') = ''
      or coalesce(trim(attributes_std ->> 'end_ip_address'), '') = ''
      or (attributes_std ->> 'end_ip_address' = '0.0.0.0'
        and attributes_std ->> 'start_ip_address' = '0.0.0.0')
      or (attributes_std ->> 'end_ip_address' = '0.0.0.0'
        and attributes_std ->> 'start_ip_address' = '255.255.255.255')
    then 'alarm'
    else 'ok'
  end status,
  split_part(address, '.', 2) || case
    when  coalesce(trim(attributes_std ->> 'start_ip_address'), '') = ''
    then ' ''start_ip_address'' is not defined.'
    when  coalesce(trim(attributes_std ->> 'end_ip_address'), '') = ''
    then ' ''end_ip_address'' is not defined.'
    when (attributes_std ->> 'end_ip_address' = '0.0.0.0'
        and attributes_std ->> 'start_ip_address' = '0.0.0.0')
      or (attributes_std ->> 'end_ip_address' = '0.0.0.0'
        and attributes_std ->> 'start_ip_address' = '255.255.255.255')
    then ' allows ingress 0.0.0.0/0 or any ip over internet'
    else ' does not allow ingress 0.0.0.0/0 or any ip over internet'
  end || '.' reason
  , path || ':' || start_line
from
  terraform_resource
where
  type = 'azurerm_sql_firewall_rule';

Controls

The query is being used by the following controls: