steampipe plugin install azure

Table: azure_api_management_backend - Query API Management Backend Configurations using SQL

In Azure API Management (APIM), a "Backend" represents the configuration of a web service or API that is the destination for API requests processed by APIM's policies. This includes various types of backends, such as services running on Azure App Service, virtual machines, or external APIs hosted outside of Azure. Understanding the backend configurations is crucial for managing the API request and response lifecycle within APIM.

Table Usage Guide

The azure_api_management_backend table provides insights into the backend configurations within Azure API Management. Use this table to gain detailed information about how API requests are routed and managed, including the protocol used, service details, and security configurations.

Examples

Basic Info

Gain a general understanding of the backend configurations in your API Management service. This query is essential for a quick overview of how your APIs are set up in terms of endpoints and protocols.

select
name,
id,
protocol,
service_name,
url,
type
from
azure_api_management_backend;
select
name,
id,
protocol,
service_name,
url,
type
from
azure_api_management_backend;

List the Backend Credential Contract Properties

Review the authorization credentials for backends. This is crucial for understanding and managing security configurations for your API backends.

select
name,
id,
credentials -> 'authorization' ->> 'parameter' as parameter,
credentials -> 'authorization' ->> 'scheme' as scheme
from
azure_api_management_backend;
select
name,
id,
json_extract(
json_extract(credentials, '$.authorization'),
'$.parameter'
) as parameter,
json_extract(
json_extract(credentials, '$.authorization'),
'$.scheme'
) as scheme
from
azure_api_management_backend;

Get the TLS Configuration for a Particular Backend Service

Examine the TLS (Transport Layer Security) configurations for backend services. This query helps ensure that secure communication protocols are in place.

select
name,
id,
tls -> 'validateCertificateChain' as tls_validate_certificate_chain,
tls -> 'validateCertificateName' as tls_validate_certificate_name
from
azure_api_management_backend;
select
name,
id,
json_extract(tls, '$.validateCertificateChain') as tls_validate_certificate_chain,
json_extract(tls, '$.validateCertificateName') as tls_validate_certificate_name
from
azure_api_management_backend;

List Backends That Follow HTTP Protocol

Identify backends using the HTTP protocol. This can be important for reviewing API security, as HTTP lacks the encryption of HTTPS.

select
name,
id,
protocol,
service_name,
url,
type
from
azure_api_management_backend
where
protocol = 'http';
select
name,
id,
protocol,
service_name,
url,
type
from
azure_api_management_backend
where
protocol = 'http';

Schema for azure_api_management_backend

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
akasjsonbArray of globally unique identifier strings (also known as) for the resource.
backend_idtext=The API management backend ID.
cloud_environmenttextThe Azure Cloud Environment.
credentialsjsonbThe API management backend credentials contract properties.
descriptiontextThe API management backend Description.
idtextContains ID to identify an API management backend uniquely.
nametext=, !=A friendly name that identifies an API management backend.
propertiesjsonbThe API management backend Properties contract.
protocoltextAPI management backend communication protocol. Possible values include: 'BackendProtocolHTTP', 'BackendProtocolSoap'.
proxyjsonbThe API management backend proxy contract properties.
resource_grouptext=The resource group which holds this resource.
resource_idtextManagement Uri of the Resource in External System. This url can be the Arm Resource Id of Logic Apps, Function Apps or Api Apps.
service_nametext=Name of the API management service.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
subscription_idtext=, !=, ~~, ~~*, !~~, !~~*The Azure Subscription ID in which the resource is located.
titletextTitle of the resource.
tlsjsonbThe API management backend TLS properties.
typetextResource type for API Management resource.
urltext=, !=Runtime Url of the API management backend.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azure

You can pass the configuration to the command with the --config argument:

steampipe_export_azure --config '<your_config>' azure_api_management_backend