Steampipe mods are now Powerpipe →
Powerpipe Hub 
Hub
Mods
turbot/azure_compliance
Overview
9Dashboards
1129Controls
407Queries
2Variables
GitHub
Loading controls...

Control: Audit usage of custom RBAC roles

Description

Audit built-in roles such as 'Owner, Contributor, Reader' instead of custom RBAC roles, which are error prone. Using custom roles is treated as an exception and requires a rigorous review and threat modeling.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.iam_no_custom_role

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.iam_no_custom_role --share

SQL

This control uses a named query:

iam_no_custom_role

Tags

hipaa_hitrust_v92 = true
nist_sp_800_53_rev_5 = true
pci_dss_v321 = true
service = Azure/ActiveDirectory