turbot/azure_compliance

Control: Service bus namespace should not be configured with overly permissive network access

Description

This policy identifies Azure Service bus namespaces configured with overly permissive network access. By default, Service Bus namespaces are accessible from the internet as long as the request comes with valid authentication and authorization. With an IP firewall, you can restrict it further to only a set of IPv4 addresses or IPv4 address ranges. With Virtual Networks, the network traffic path is secured on both ends. It is recommended to configure the Service bus namespace with an IP firewall or by Virtual Network; so that the Service bus namespace is accessible only to restricted entities.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.servicebus_namespace_no_overly_permissive_network_access

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.servicebus_namespace_no_overly_permissive_network_access --share

SQL

This control uses a named query:

servicebus_namespace_no_overly_permissive_network_access

Tags