turbot/terraform_azure_compliance

Query: sql_database_allow_internet_access

Usage

powerpipe query terraform_azure_compliance.query.sql_database_allow_internet_access

Steampipe Tables

SQL

select
  address as resource,
  case
    -- A rule with a missing bound cannot be evaluated, so it is flagged.
    when coalesce(trim(attributes_std ->> 'start_ip_address'), '') = ''
      or coalesce(trim(attributes_std ->> 'end_ip_address'), '') = ''
      -- 0.0.0.0 to 0.0.0.0 is Azure's special rule that admits all Azure services.
      or (
        attributes_std ->> 'start_ip_address' = '0.0.0.0'
        and attributes_std ->> 'end_ip_address' = '0.0.0.0'
      )
      -- 0.0.0.0 to 255.255.255.255 covers the entire IPv4 internet.
      -- (The start and end values were swapped in this comparison, so it could never match.)
      or (
        attributes_std ->> 'start_ip_address' = '0.0.0.0'
        and attributes_std ->> 'end_ip_address' = '255.255.255.255'
      ) then 'alarm'
    else 'ok'
  end status,
  -- The trailing '.' is appended once below, so the messages carry no period of their own.
  split_part(address, '.', 2) || case
    when coalesce(trim(attributes_std ->> 'start_ip_address'), '') = '' then ' ''start_ip_address'' is not defined'
    when coalesce(trim(attributes_std ->> 'end_ip_address'), '') = '' then ' ''end_ip_address'' is not defined'
    when (
      attributes_std ->> 'start_ip_address' = '0.0.0.0'
      and attributes_std ->> 'end_ip_address' = '0.0.0.0'
    )
    or (
      attributes_std ->> 'start_ip_address' = '0.0.0.0'
      and attributes_std ->> 'end_ip_address' = '255.255.255.255'
    ) then ' allows ingress 0.0.0.0/0 or any ip over internet'
    else ' does not allow ingress 0.0.0.0/0 or any ip over internet'
  end || '.' reason,
  -- File and line of the resource in the Terraform source.
  path || ':' || start_line
from
  terraform_resource
where
  type = 'azurerm_sql_firewall_rule';

Controls

The query is being used by the following controls: