azure_ad_groupazure_ad_service_principalazure_ad_userazure_alert_managementazure_api_managementazure_api_management_backendazure_app_configurationazure_app_service_environmentazure_app_service_function_appazure_app_service_planazure_app_service_web_appazure_app_service_web_app_slotazure_application_gatewayazure_application_insightazure_application_security_groupazure_automation_accountazure_automation_variableazure_backup_policyazure_bastion_hostazure_batch_accountazure_cdn_frontdoor_profileazure_cognitive_accountazure_compute_availability_setazure_compute_diskazure_compute_disk_accessazure_compute_disk_encryption_setazure_compute_disk_metric_read_opsazure_compute_disk_metric_read_ops_dailyazure_compute_disk_metric_read_ops_hourlyazure_compute_disk_metric_write_opsazure_compute_disk_metric_write_ops_dailyazure_compute_disk_metric_write_ops_hourlyazure_compute_imageazure_compute_resource_skuazure_compute_snapshotazure_compute_ssh_keyazure_compute_virtual_machineazure_compute_virtual_machine_metric_available_memoryazure_compute_virtual_machine_metric_available_memory_dailyazure_compute_virtual_machine_metric_available_memory_hourlyazure_compute_virtual_machine_metric_cpu_utilizationazure_compute_virtual_machine_metric_cpu_utilization_dailyazure_compute_virtual_machine_metric_cpu_utilization_hourlyazure_compute_virtual_machine_scale_setazure_compute_virtual_machine_scale_set_network_interfaceazure_compute_virtual_machine_scale_set_vmazure_consumption_usageazure_container_groupazure_container_registryazure_cosmosdb_accountazure_cosmosdb_mongo_collectionazure_cosmosdb_mongo_databaseazure_cosmosdb_restorable_database_accountazure_cosmosdb_sql_databaseazure_data_factoryazure_data_factory_datasetazure_data_factory_pipelineazure_data_lake_analytics_accountazure_data_lake_storeazure_data_protection_backup_jobazure_data_protection_backup_vaultazure_databox_edge_deviceazure_databricks_workspaceazure_diagnostic_settingazure_dns_zoneazure_eventgrid_domainazure_eventgrid_topicazure_eventhub_namespaceazure_express_route_circuitazure_firewallazure_firewall_policyazure_frontdoorazure_hdinsight_clusterazure_healthcare_serviceazure_hpc_cacheazure_hybrid_compute_machineazure_hybrid_kubernetes_connected_clusterazure_iothubazure_iothub_dpsazure_key_vaultazure_key_vault_certificateazure_key_vault_deleted_vaultazure_key_vault_keyazure_key_vault_key_versionazure_key_vault_managed_hardware_security_moduleazure_key_vault_secretazure_kubernetes_clusterazure_kubernetes_service_versionazure_kusto_clusterazure_lbazure_lb_backend_address_poolazure_lb_nat_ruleazure_lb_outbound_ruleazure_lb_probeazure_lb_ruleazure_lighthouse_assignmentazure_lighthouse_definitionazure_locationazure_log_alertazure_log_analytics_workspaceazure_log_profileazure_logic_app_workflowazure_machine_learning_workspaceazure_maintenance_configurationazure_management_groupazure_management_lockazure_mariadb_serverazure_monitor_activity_log_eventazure_monitor_log_profileazure_mssql_elasticpoolazure_mssql_managed_instanceazure_mssql_virtual_machineazure_mysql_flexible_serverazure_mysql_serverazure_nat_gatewayazure_network_interfaceazure_network_security_groupazure_network_watcherazure_network_watcher_flow_logazure_policy_assignmentazure_policy_definitionazure_postgresql_flexible_serverazure_postgresql_serverazure_private_dns_zoneazure_private_endpointazure_providerazure_public_ipazure_recovery_services_backup_jobazure_recovery_services_vaultazure_redis_cacheazure_resourceazure_resource_groupazure_resource_linkazure_role_assignmentazure_role_definitionazure_route_tableazure_search_serviceazure_security_center_auto_provisioningazure_security_center_automationazure_security_center_contactazure_security_center_jit_network_access_policyazure_security_center_settingazure_security_center_sub_assessmentazure_security_center_subscription_pricingazure_service_fabric_clusterazure_servicebus_namespaceazure_signalr_serviceazure_spring_cloud_serviceazure_sql_databaseazure_sql_serverazure_storage_accountazure_storage_blobazure_storage_blob_serviceazure_storage_containerazure_storage_queueazure_storage_share_fileazure_storage_syncazure_storage_tableazure_storage_table_serviceazure_stream_analytics_jobazure_subnetazure_subscriptionazure_synapse_workspaceazure_tenantazure_virtual_networkazure_virtual_network_gatewayazure_web_application_firewall_policy
Table: azure_api_management_backend - Query API Management Backend Configurations using SQL
In Azure API Management (APIM), a "Backend" represents the configuration of a web service or API that is the destination for API requests processed by APIM's policies. This includes various types of backends, such as services running on Azure App Service, virtual machines, or external APIs hosted outside of Azure. Understanding the backend configurations is crucial for managing the API request and response lifecycle within APIM.
Table Usage Guide
The azure_api_management_backend table provides insights into the backend configurations within Azure API Management. Use this table to gain detailed information about how API requests are routed and managed, including the protocol used, service details, and security configurations.
Examples
Basic Info
Gain a general understanding of the backend configurations in your API Management service. This query is essential for a quick overview of how your APIs are set up in terms of endpoints and protocols.
select name, id, protocol, service_name, url, typefrom azure_api_management_backend;select name, id, protocol, service_name, url, typefrom azure_api_management_backend;List the Backend Credential Contract Properties
Review the authorization credentials for backends. This is crucial for understanding and managing security configurations for your API backends.
select name, id, credentials -> 'authorization' ->> 'parameter' as parameter, credentials -> 'authorization' ->> 'scheme' as schemefrom azure_api_management_backend;select name, id, json_extract( json_extract(credentials, '$.authorization'), '$.parameter' ) as parameter, json_extract( json_extract(credentials, '$.authorization'), '$.scheme' ) as schemefrom azure_api_management_backend;Get the TLS Configuration for a Particular Backend Service
Examine the TLS (Transport Layer Security) configurations for backend services. This query helps ensure that secure communication protocols are in place.
select name, id, tls -> 'validateCertificateChain' as tls_validate_certificate_chain, tls -> 'validateCertificateName' as tls_validate_certificate_namefrom azure_api_management_backend;select name, id, json_extract(tls, '$.validateCertificateChain') as tls_validate_certificate_chain, json_extract(tls, '$.validateCertificateName') as tls_validate_certificate_namefrom azure_api_management_backend;List Backends That Follow HTTP Protocol
Identify backends using the HTTP protocol. This can be important for reviewing API security, as HTTP lacks the encryption of HTTPS.
select name, id, protocol, service_name, url, typefrom azure_api_management_backendwhere protocol = 'http';select name, id, protocol, service_name, url, typefrom azure_api_management_backendwhere protocol = 'http';Schema for azure_api_management_backend
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form. | |
| akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. | |
| backend_id | text | = | The API management backend ID. |
| cloud_environment | text | The Azure Cloud Environment. | |
| credentials | jsonb | The API management backend credentials contract properties. | |
| description | text | The API management backend Description. | |
| id | text | Contains ID to identify an API management backend uniquely. | |
| name | text | =, != | A friendly name that identifies an API management backend. |
| properties | jsonb | The API management backend Properties contract. | |
| protocol | text | API management backend communication protocol. Possible values include: 'BackendProtocolHTTP', 'BackendProtocolSoap'. | |
| proxy | jsonb | The API management backend proxy contract properties. | |
| resource_group | text | = | The resource group which holds this resource. |
| resource_id | text | Management Uri of the Resource in External System. This url can be the Arm Resource Id of Logic Apps, Function Apps or Api Apps. | |
| service_name | text | = | Name of the API management service. |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | Steampipe context in JSON form. | |
| subscription_id | text | =, !=, ~~, ~~*, !~~, !~~* | The Azure Subscription ID in which the resource is located. |
| title | text | Title of the resource. | |
| tls | jsonb | The API management backend TLS properties. | |
| type | text | Resource type for API Management resource. | |
| url | text | =, != | Runtime Url of the API management backend. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azureYou can pass the configuration to the command with the --config argument:
steampipe_export_azure --config '<your_config>' azure_api_management_backend