turbot/azure_compliance

Control: Subscriptions with custom roles should not be overly permissive

Description

This policy identifies azure subscriptions with custom roles are overly permissive. Least privilege access rule should be followed and only necessary privileges should be assigned instead of allowing full administrative access.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.iam_subscriptions_with_custom_roles_no_overly_permissive

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.iam_subscriptions_with_custom_roles_no_overly_permissive --share

SQL

This control uses a named query:

iam_subscriptions_with_custom_roles_no_overly_permissive

Tags