azure_alert_managementazure_api_managementazure_api_management_backendazure_app_configurationazure_app_service_environmentazure_app_service_function_appazure_app_service_planazure_app_service_web_appazure_app_service_web_app_slotazure_application_gatewayazure_application_insightazure_application_security_groupazure_automation_accountazure_automation_variableazure_backup_policyazure_bastion_hostazure_batch_accountazure_cdn_frontdoor_profileazure_cognitive_accountazure_compute_availability_setazure_compute_diskazure_compute_disk_accessazure_compute_disk_encryption_setazure_compute_disk_metric_read_opsazure_compute_disk_metric_read_ops_dailyazure_compute_disk_metric_read_ops_hourlyazure_compute_disk_metric_write_opsazure_compute_disk_metric_write_ops_dailyazure_compute_disk_metric_write_ops_hourlyazure_compute_imageazure_compute_resource_skuazure_compute_snapshotazure_compute_ssh_keyazure_compute_virtual_machineazure_compute_virtual_machine_metric_available_memoryazure_compute_virtual_machine_metric_available_memory_dailyazure_compute_virtual_machine_metric_available_memory_hourlyazure_compute_virtual_machine_metric_cpu_utilizationazure_compute_virtual_machine_metric_cpu_utilization_dailyazure_compute_virtual_machine_metric_cpu_utilization_hourlyazure_compute_virtual_machine_scale_setazure_compute_virtual_machine_scale_set_network_interfaceazure_compute_virtual_machine_scale_set_vmazure_compute_virtual_machine_sizeazure_consumption_usageazure_container_groupazure_container_registryazure_cosmosdb_accountazure_cosmosdb_mongo_collectionazure_cosmosdb_mongo_databaseazure_cosmosdb_restorable_database_accountazure_cosmosdb_sql_databaseazure_data_factoryazure_data_factory_datasetazure_data_factory_pipelineazure_data_lake_analytics_accountazure_data_lake_storeazure_data_protection_backup_jobazure_data_protection_backup_vaultazure_databox_edge_deviceazure_databricks_workspaceazure_diagnostic_settingazure_dns_zoneazure_eventgrid_domainazure_eventgrid_topicazure_eventhub_namespaceazure_express_route_circuitazure_firewallazure_firewall_policyazure_frontdoorazure_hdinsight_clusterazure_healthcare_serviceazure_hpc_cacheazure_hybrid_compute_machineazure_hybrid_kubernetes_connected_clusterazure_iothubazure_iothub_dpsazure_key_vaultazure_key_vault_certificateazure_key_vault_deleted_vaultazure_key_vault_keyazure_key_vault_key_versionazure_key_vault_managed_hardware_security_moduleazure_key_vault_secretazure_kubernetes_clusterazure_kubernetes_service_versionazure_kusto_clusterazure_lbazure_lb_backend_address_poolazure_lb_nat_ruleazure_lb_outbound_ruleazure_lb_probeazure_lb_ruleazure_lighthouse_assignmentazure_lighthouse_definitionazure_locationazure_log_alertazure_log_analytics_workspaceazure_log_profileazure_logic_app_workflowazure_machine_learning_workspaceazure_maintenance_configurationazure_management_groupazure_management_lockazure_mariadb_serverazure_monitor_activity_log_eventazure_monitor_log_profileazure_mssql_elasticpoolazure_mssql_managed_instanceazure_mssql_virtual_machineazure_mysql_flexible_serverazure_mysql_serverazure_nat_gatewayazure_network_interfaceazure_network_security_groupazure_network_watcherazure_network_watcher_flow_logazure_policy_assignmentazure_policy_definitionazure_postgresql_flexible_serverazure_postgresql_serverazure_private_dns_zoneazure_private_endpointazure_providerazure_public_ipazure_recovery_services_backup_jobazure_recovery_services_vaultazure_redis_cacheazure_resourceazure_resource_groupazure_resource_linkazure_role_assignmentazure_role_definitionazure_route_tableazure_search_serviceazure_security_center_auto_provisioningazure_security_center_automationazure_security_center_contactazure_security_center_jit_network_access_policyazure_security_center_settingazure_security_center_sub_assessmentazure_security_center_subscription_pricingazure_service_fabric_clusterazure_servicebus_namespaceazure_signalr_serviceazure_spring_cloud_serviceazure_sql_databaseazure_sql_serverazure_storage_accountazure_storage_blobazure_storage_blob_serviceazure_storage_containerazure_storage_queueazure_storage_share_fileazure_storage_syncazure_storage_tableazure_storage_table_serviceazure_stream_analytics_jobazure_subnetazure_subscriptionazure_synapse_workspaceazure_tenantazure_virtual_networkazure_virtual_network_gatewayazure_web_application_firewall_policy
Table: azure_app_service_function_app - Query Azure App Service Function Apps using SQL
Azure App Service Function Apps is a service within Microsoft Azure that allows developers to host and run functions in the cloud without having to manage any infrastructure. It offers an event-driven, compute-on-demand experience that extends the existing Azure App Service platform. With Azure Function Apps, developers can quickly create serverless applications that scale and integrate with other services.
Table Usage Guide
The azure_app_service_function_app table provides insights into Function Apps within Azure App Service. As a developer or DevOps engineer, explore Function App-specific details through this table, including configuration settings, app settings, and connection strings. Utilize it to uncover information about Function Apps, such as their runtime versions, hosting details, and the state of always-on functionality.
Examples
List of app functions which accepts HTTP traffic
Determine the areas in which Azure app services function apps are configured to accept HTTP traffic, which can be useful for identifying potential security risks associated with unencrypted data transmission.
select name, https_only, kind, regionfrom azure_app_service_function_appwhere not https_only;select name, https_only, kind, regionfrom azure_app_service_function_appwhere https_only = 0;List of all unreserved app function
Discover the segments that comprise all unreserved function apps in Azure. This query is useful in managing resources and ensuring optimal performance by identifying potential areas for reallocation.
select name, reserved, resource_groupfrom azure_app_service_function_appwhere not reserved;select name, reserved, resource_groupfrom azure_app_service_function_appwhere reserved = 0;Outbound IP addresses and possible outbound IP addresses info of each function app
Gain insights into the outbound IP addresses associated with each function app, as well as potential outbound IP addresses. This information can be useful for managing network security and understanding your app's communication pathways.
select name, outbound_ip_addresses, possible_outbound_ip_addressesfrom azure_app_service_function_app;select name, outbound_ip_addresses, possible_outbound_ip_addressesfrom azure_app_service_function_app;List of app functions where client certificate mode is disabled.
Identify instances where the client certificate mode is disabled in your Azure app functions. This can help enhance security by pinpointing areas where client authentication is not enforced.
select name, client_cert_enabled, kind, regionfrom azure_app_service_function_appwhere not client_cert_enabled;select name, client_cert_enabled, kind, regionfrom azure_app_service_function_appwhere client_cert_enabled = 0;Control examples
- All Controls > App Service > App Service function apps public access should be restricted
- All Controls > App Service > Ensure App Service authentication is set up for function apps in Azure App Service
- All Controls > App Service > Ensure FTP deployments are Disabled
- All Controls > App Service > Ensure that 'Java version' is the latest, if used as a part of the Function app
- All Controls > App Service > Ensure that 'Python version' is the latest, if used as a part of the Function app
- CIS v1.3.0 > 9 AppService > 9.10 Ensure FTP deployments are disabled
- CIS v1.4.0 > 9 AppService > 9.10 Ensure FTP deployments are disabled
- CIS v1.5.0 > 9 AppService > 9.10 Ensure FTP deployments are disabled
- CIS v2.0.0 > 9 AppService > 9.10 Ensure FTP deployments are Disabled
- CIS v2.1.0 > 9 AppService > 9.9 Ensure FTP deployments are Disabled
- CIS v3.0.0 > 9 AppService > 9.3 Ensure 'FTP State' is set to 'FTPS Only' or 'Disabled'
- Ensure that 'HTTP Version' is the latest, if used to run the Function app
- FTPS only should be required in your Function App
- Function apps should have 'Client Certificates (Incoming client certificates)' enabled
- Function apps should have remote debugging turned off
- Function apps should not have CORS configured to allow every resource to access your apps
- Function apps should only be accessible over HTTPS
- Function apps should use managed identity
- Function apps should use the latest TLS version
Schema for azure_app_service_function_app
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form. | |
| akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. | |
| auth_settings | jsonb | Describes the Authentication/Authorization settings of an app. | |
| client_affinity_enabled | boolean | Specify whether client affinity is enabled. | |
| client_cert_enabled | boolean | Specify whether client certificate authentication is enabled. | |
| cloud_environment | text | The Azure Cloud Environment. | |
| configuration | jsonb | Describes the configuration of an app. | |
| default_site_hostname | text | Default hostname of the app. | |
| enabled | boolean | Specify whether the app is enabled. | |
| host_name_disabled | boolean | Specify whether the public hostnames of the app is disabled. | |
| host_names | jsonb | A list of hostnames associated with the app. | |
| https_only | boolean | Specify whether configuring a web site to accept only https requests. | |
| id | text | Contains ID to identify an app service function app uniquely. | |
| kind | text | Contains the kind of the resource. | |
| name | text | = | The friendly name that identifies the app service function app. |
| outbound_ip_addresses | text | List of IP addresses that the app uses for outbound connections (e.g. database access). | |
| possible_outbound_ip_addresses | text | List of possible IP addresses that the app uses for outbound connections (e.g. database access). | |
| region | text | The Azure region/location in which the resource is located. | |
| reserved | boolean | Specify whether the app is reserved. | |
| resource_group | text | = | The resource group which holds this resource. |
| site_config | jsonb | A map of all configuration for the app | |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | Steampipe context in JSON form. | |
| state | text | Current state of the app. | |
| subscription_id | text | =, !=, ~~, ~~*, !~~, !~~* | The Azure Subscription ID in which the resource is located. |
| tags | jsonb | A map of tags for the resource. | |
| title | text | Title of the resource. | |
| type | text | The resource type of the app service function app. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azureYou can pass the configuration to the command with the --config argument:
steampipe_export_azure --config '<your_config>' azure_app_service_function_app