turbot/terraform_azure_compliance

Query: sql_database_allow_internet_access

Usage

powerpipe query terraform_azure_compliance.query.sql_database_allow_internet_access

Steampipe Tables

SQL

select
  address as resource,
  case
    -- A rule with a missing start or end address cannot be evaluated, so it is flagged.
    when
      coalesce(trim(attributes_std ->> 'start_ip_address'), '') = ''
      or coalesce(trim(attributes_std ->> 'end_ip_address'), '') = ''
      -- 0.0.0.0 to 0.0.0.0
      or (attributes_std ->> 'end_ip_address' = '0.0.0.0'
        and attributes_std ->> 'start_ip_address' = '0.0.0.0')
      -- 0.0.0.0 to 255.255.255.255, the whole IPv4 range
      -- (the original compared start and end the wrong way round, so this range never matched)
      or (attributes_std ->> 'start_ip_address' = '0.0.0.0'
        and attributes_std ->> 'end_ip_address' = '255.255.255.255')
    then 'alarm'
    else 'ok'
  end status,
  -- Each branch omits the trailing period; it is appended once after the case expression.
  split_part(address, '.', 2) || case
    when coalesce(trim(attributes_std ->> 'start_ip_address'), '') = ''
      then ' ''start_ip_address'' is not defined'
    when coalesce(trim(attributes_std ->> 'end_ip_address'), '') = ''
      then ' ''end_ip_address'' is not defined'
    when (attributes_std ->> 'end_ip_address' = '0.0.0.0'
        and attributes_std ->> 'start_ip_address' = '0.0.0.0')
      or (attributes_std ->> 'start_ip_address' = '0.0.0.0'
        and attributes_std ->> 'end_ip_address' = '255.255.255.255')
      then ' allows ingress 0.0.0.0/0 or any ip over internet'
    else ' does not allow ingress 0.0.0.0/0 or any ip over internet'
  end || '.' reason
  , path || ':' || start_line
from
  terraform_resource
where
  type = 'azurerm_sql_firewall_rule';

Controls

The query is being used by the following controls: