turbot/azure_compliance

Query: iam_no_custom_role

Usage

powerpipe query azure_compliance.query.iam_no_custom_role

SQL

with custom_roles as (
  select
    role_name,
    role_type,
    _ctx,
    subscription_id
  from
    azure_role_definition
  where
    role_type = 'CustomRole'
)
select
  cr.subscription_id as resource,
  case
    when count(*) > 0 then 'alarm'
    else 'ok'
  end as status,
  'There are ' || count(*) || ' custom roles.' as reason,
  sub.display_name as subscription
from
  custom_roles as cr,
  azure_subscription as sub
where
  sub.subscription_id = cr.subscription_id
group by
  cr.subscription_id,
  cr._ctx,
  sub.display_name;

Controls

The query is being used by the following controls: