azure_ad_groupazure_ad_service_principalazure_ad_userazure_alert_managementazure_api_managementazure_api_management_backendazure_app_configurationazure_app_service_environmentazure_app_service_function_appazure_app_service_planazure_app_service_web_appazure_app_service_web_app_slotazure_application_gatewayazure_application_insightazure_application_security_groupazure_automation_accountazure_automation_variableazure_backup_policyazure_bastion_hostazure_batch_accountazure_cdn_frontdoor_profileazure_cognitive_accountazure_compute_availability_setazure_compute_diskazure_compute_disk_accessazure_compute_disk_encryption_setazure_compute_disk_metric_read_opsazure_compute_disk_metric_read_ops_dailyazure_compute_disk_metric_read_ops_hourlyazure_compute_disk_metric_write_opsazure_compute_disk_metric_write_ops_dailyazure_compute_disk_metric_write_ops_hourlyazure_compute_imageazure_compute_resource_skuazure_compute_snapshotazure_compute_ssh_keyazure_compute_virtual_machineazure_compute_virtual_machine_metric_available_memoryazure_compute_virtual_machine_metric_available_memory_dailyazure_compute_virtual_machine_metric_available_memory_hourlyazure_compute_virtual_machine_metric_cpu_utilizationazure_compute_virtual_machine_metric_cpu_utilization_dailyazure_compute_virtual_machine_metric_cpu_utilization_hourlyazure_compute_virtual_machine_scale_setazure_compute_virtual_machine_scale_set_network_interfaceazure_compute_virtual_machine_scale_set_vmazure_consumption_usageazure_container_groupazure_container_registryazure_cosmosdb_accountazure_cosmosdb_mongo_collectionazure_cosmosdb_mongo_databaseazure_cosmosdb_restorable_database_accountazure_cosmosdb_sql_databaseazure_data_factoryazure_data_factory_datasetazure_data_factory_pipelineazure_data_lake_analytics_accountazure_data_lake_storeazure_data_protection_backup_jobazure_data_protection_backup_vaultazure_databox_edge_deviceazure_databricks_workspaceazure_diagnostic_settingazure_dns_zoneazure_eventgrid_domainazure_eventgrid_topicazure_eventhub_namespaceazure_express_route_circuitazure_firewallazure_firewall_policyazure_frontdoorazure_hdinsight_clusterazure_healthcare_serviceazure_hpc_cacheazure_hybrid_compute_machineazure_hybrid_kubernetes_connected_clusterazure_iothubazure_iothub_dpsazure_key_vaultazure_key_vault_certificateazure_key_vault_deleted_vaultazure_key_vault_keyazure_key_vault_key_versionazure_key_vault_managed_hardware_security_moduleazure_key_vault_secretazure_kubernetes_clusterazure_kubernetes_service_versionazure_kusto_clusterazure_lbazure_lb_backend_address_poolazure_lb_nat_ruleazure_lb_outbound_ruleazure_lb_probeazure_lb_ruleazure_lighthouse_assignmentazure_lighthouse_definitionazure_locationazure_log_alertazure_log_analytics_workspaceazure_log_profileazure_logic_app_workflowazure_machine_learning_workspaceazure_maintenance_configurationazure_management_groupazure_management_lockazure_mariadb_serverazure_monitor_activity_log_eventazure_monitor_log_profileazure_mssql_elasticpoolazure_mssql_managed_instanceazure_mssql_virtual_machineazure_mysql_flexible_serverazure_mysql_serverazure_nat_gatewayazure_network_interfaceazure_network_security_groupazure_network_watcherazure_network_watcher_flow_logazure_policy_assignmentazure_policy_definitionazure_postgresql_flexible_serverazure_postgresql_serverazure_private_dns_zoneazure_private_endpointazure_providerazure_public_ipazure_recovery_services_backup_jobazure_recovery_services_vaultazure_redis_cacheazure_resourceazure_resource_groupazure_resource_linkazure_role_assignmentazure_role_definitionazure_route_tableazure_search_serviceazure_security_center_auto_provisioningazure_security_center_automationazure_security_center_contactazure_security_center_jit_network_access_policyazure_security_center_settingazure_security_center_sub_assessmentazure_security_center_subscription_pricingazure_service_fabric_clusterazure_servicebus_namespaceazure_signalr_serviceazure_spring_cloud_serviceazure_sql_databaseazure_sql_serverazure_storage_accountazure_storage_blobazure_storage_blob_serviceazure_storage_containerazure_storage_queueazure_storage_share_fileazure_storage_syncazure_storage_tableazure_storage_table_serviceazure_stream_analytics_jobazure_subnetazure_subscriptionazure_synapse_workspaceazure_tenantazure_virtual_networkazure_virtual_network_gatewayazure_web_application_firewall_policy
Table: azure_app_configuration - Query Azure App Configuration using SQL
Azure App Configuration is a service within Microsoft Azure that provides a way to centrally manage application settings and feature flags. It helps developers to separate configuration from code, making applications more modular and scalable. Azure App Configuration is fully managed, which allows developers to focus on code rather than managing and distributing configuration.
Table Usage Guide
The azure_app_configuration table provides insights into application configurations within Microsoft Azure. As a developer or DevOps engineer, you can explore configuration-specific details through this table, including settings, feature management, and associated metadata. Utilize it to manage and monitor application settings, understand feature flags, and ensure the scalability and modularity of your applications.
Examples
Basic info
Explore which Azure App configurations are currently active and when they were created. This is useful for understanding the status and timeline of your app's setup and deployment.
select id, name, type, provisioning_state, creation_datefrom azure_app_configuration;select id, name, type, provisioning_state, creation_datefrom azure_app_configuration;List public network access enabled app configurations
Explore which app configurations in Azure have public network access enabled. This can be beneficial in assessing potential security risks and ensuring appropriate network access settings are in place.
select id, name, type, provisioning_state, public_network_accessfrom azure_app_configurationwhere public_network_access = 'Enabled';select id, name, type, provisioning_state, public_network_accessfrom azure_app_configurationwhere public_network_access = 'Enabled';List app configurations with user assigned identities
This query is useful to identify and analyze the configurations of apps that have user-assigned identities within your Azure environment. It helps in managing and auditing access control, thereby enhancing the security of your applications.
select id, name, identity -> 'type' as identity_type, jsonb_pretty(identity -> 'userAssignedIdentities') as identity_user_assigned_identitiesfrom azure_app_configurationwhere exists ( select from unnest(regexp_split_to_array(identity ->> 'type', ',')) elem where trim(elem) = 'UserAssigned' );Error: SQLite does not support regexp_split_to_array function.List private endpoint connection details for app configurations
Explore the status and details of private connections for app configurations in Azure. This can help identify any required actions or understand the provisioning state for these connections.
select name as app_config_name, id as app_config_id, connections ->> 'id' as connection_id, connections ->> 'privateEndpointPropertyId' as connection_private_endpoint_property_id, connections ->> 'privateLinkServiceConnectionStateActionsRequired' as connection_actions_required, connections ->> 'privateLinkServiceConnectionStateDescription' as connection_description, connections ->> 'privateLinkServiceConnectionStateStatus' as connection_status, connections ->> 'provisioningState' as connection_provisioning_statefrom azure_app_configuration, jsonb_array_elements(private_endpoint_connections) as connections;select name as app_config_name, c.id as app_config_id, json_extract(connections.value, '$.id') as connection_id, json_extract(connections.value, '$.privateEndpointPropertyId') as connection_private_endpoint_property_id, json_extract( connections.value, '$.privateLinkServiceConnectionStateActionsRequired' ) as connection_actions_required, json_extract( connections.value, '$.privateLinkServiceConnectionStateDescription' ) as connection_description, json_extract( connections.value, '$.privateLinkServiceConnectionStateStatus' ) as connection_status, json_extract(connections.value, '$.provisioningState') as connection_provisioning_statefrom azure_app_configuration as c, json_each(private_endpoint_connections) as connections;List encryption details for app configurations
Explore encryption specifics for your applications, particularly focusing on identity client IDs and key identifiers. This is useful for assessing the security measures in place for your app configurations.
select name as app_config_name, id as app_config_id, encryption -> 'keyVaultProperties' ->> 'identityClientId' as key_vault_identity_client_id, encryption -> 'keyVaultProperties' ->> 'keyIdentifier' as key_vault_key_identifierfrom azure_app_configuration;select name as app_config_name, id as app_config_id, json_extract( encryption, '$.keyVaultProperties.identityClientId' ) as key_vault_identity_client_id, json_extract(encryption, '$.keyVaultProperties.keyIdentifier') as key_vault_key_identifierfrom azure_app_configuration;Control examples
Schema for azure_app_configuration
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form. | |
| akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. | |
| cloud_environment | text | The Azure Cloud Environment. | |
| creation_date | timestamp with time zone | The creation date of configuration store. | |
| diagnostic_settings | jsonb | A list of active diagnostic settings for the configuration store. | |
| encryption | jsonb | The encryption settings of the configuration store. | |
| endpoint | text | The DNS endpoint where the configuration store API will be available. | |
| id | text | The resource ID. | |
| identity | jsonb | The managed identity information, if configured. | |
| name | text | = | The name of the resource. |
| private_endpoint_connections | jsonb | The list of private endpoint connections that are set up for this resource. | |
| provisioning_state | text | The provisioning state of the configuration store. Possible values include: 'Creating', 'Updating', 'Deleting', 'Succeeded', 'Failed', 'Canceled'. | |
| public_network_access | text | Control permission for data plane traffic coming from public networks while private endpoint is enabled. Possible values include: 'Enabled', 'Disabled'. | |
| region | text | The Azure region/location in which the resource is located. | |
| resource_group | text | = | The resource group which holds this resource. |
| sku_name | text | The SKU name of the configuration store. | |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | Steampipe context in JSON form. | |
| subscription_id | text | =, !=, ~~, ~~*, !~~, !~~* | The Azure Subscription ID in which the resource is located. |
| tags | jsonb | A map of tags for the resource. | |
| title | text | Title of the resource. | |
| type | text | The type of the resource. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azureYou can pass the configuration to the command with the --config argument:
steampipe_export_azure --config '<your_config>' azure_app_configuration