Table: azure_app_service_web_app - Query Azure App Service Web Apps using SQL

Azure App Service is a fully managed platform for building, deploying, and scaling web applications. It supports a variety of programming languages, tools, and frameworks, including both Microsoft-specific and third-party software and systems. With Azure App Service, you can quickly build, deploy, and scale enterprise-grade web, mobile, and API apps running on any platform.

Table Usage Guide

The azure_app_service_web_app table provides insights into web applications hosted on Azure App Service. As a developer or system administrator, you can use this table to examine the configuration, status, and metadata of these applications. It can be particularly useful for monitoring and managing your web applications, ensuring they are correctly configured, running smoothly, and adhering to your organization's operational and security policies.

Examples

Outbound IP addresses and possible outbound IP addresses info of each web app

Explore which web applications in your Azure App Service have specific outbound IP addresses. This is useful for understanding the network behavior of your applications, particularly for security monitoring or compliance purposes.

select
  name,
  outbound_ip_addresses,
  possible_outbound_ip_addresses
from
  azure_app_service_web_app;

select
  name,
  outbound_ip_addresses,
  possible_outbound_ip_addresses
from
  azure_app_service_web_app;

List web apps which accepts HTTP traffics (i.e HTTPS only is disabled)

Determine the areas in which web applications are accepting HTTP traffic, indicating that the more secure HTTPS-only mode is disabled. This can be useful for identifying potential security risks in your Azure App Service.

select
  name,
  https_only,
  kind,
  region
from
  azure_app_service_web_app
where
  not https_only;

select
  name,
  https_only,
  kind,
  region
from
  azure_app_service_web_app
where
  https_only = 0;

List of web app where client certificate mode is disabled

Determine the areas in which web applications are potentially vulnerable due to disabled client certificate mode. This is crucial for enhancing security measures and ensuring data protection.

select
  name,
  client_cert_enabled,
  kind,
  region
from
  azure_app_service_web_app
where
  not client_cert_enabled;

select
  name,
  client_cert_enabled,
  kind,
  region
from
  azure_app_service_web_app
where
  client_cert_enabled = 0;

Host names of each web app

Determine the areas in which your web applications are hosted. This aids in understanding their geographical distribution and aids in resource management.

select
  name,
  host_names,
  kind,
  region,
  resource_group
from
  azure_app_service_web_app;

select
  name,
  host_names,
  kind,
  region,
  resource_group
from
  azure_app_service_web_app;

List web apps with latest HTTP version

Determine the areas in which web applications are running on the latest HTTP version across different regions. This can be useful for ensuring applications are up-to-date and taking advantage of the latest protocol features for performance and security.

select
  name,
  enabled,
  region
from
  azure_app_service_web_app
where
  (configuration -> 'properties' ->> 'http20Enabled') :: boolean;

select
  name,
  enabled,
  region
from
  azure_app_service_web_app
where
  json_extract(configuration, '$.properties.http20Enabled') = 'true';

List web apps that have FTP deployments set to disabled

Determine the areas in which web applications have FTP deployments disabled, allowing for a better understanding of security measures in place and potential areas of vulnerability.

select
  name,
  configuration -> 'properties' ->> 'ftpsState' as ftps_state
from
  azure_app_service_web_app
where
  configuration -> 'properties' ->> 'ftpsState' <> 'AllAllowed';

select
  name,
  json_extract(
    json_extract(configuration, '$.properties'),
    '$.ftpsState'
  ) as ftps_state
from
  azure_app_service_web_app
where
  json_extract(
    json_extract(configuration, '$.properties'),
    '$.ftpsState'
  ) <> 'AllAllowed';

List web apps that have managed service identity disabled

Determine the areas in which web apps are operating without a managed service identity, which is a key security feature. This could be used to identify potential vulnerabilities and improve overall system security.

select
  name,
  enabled,
  region,
  identity
from
  azure_app_service_web_app
where
  identity = '{}';

select
  name,
  enabled,
  region,
  identity
from
  azure_app_service_web_app
where
  identity = '{}';

Get the storage information associated to a particular app

Explore the storage details linked to a specific application in Azure's App Service. This can help you understand the configuration and enablement status of your storage in a particular region, which can be crucial for optimizing resource allocation and management.

select
  name,
  enabled,
  region,
  identity storage_info_value
from
  azure_app_service_web_app
where
  resource_group = 'demo'
  and name = 'web-app-test-storage-info';

select
  name,
  enabled,
  region,
  identity,
  storage_info_value
from
  azure_app_service_web_app
where
  resource_group = 'demo'
  and name = 'web-app-test-storage-info';

Schema for azure_app_service_web_app

Name	Type	Operators	Description
_ctx	jsonb		Steampipe context in JSON form.
akas	jsonb		Array of globally unique identifier strings (also known as) for the resource.
auth_settings	jsonb		Describes the Authentication/Authorization settings of an app.
client_affinity_enabled	boolean		Specify whether client affinity is enabled.
client_cert_enabled	boolean		Specify whether client certificate authentication is enabled.
cloud_environment	text		The Azure Cloud Environment.
configuration	jsonb		Describes the configuration of an app.
default_site_hostname	text		Default hostname of the app.
diagnostic_logs_configuration	jsonb		Describes the logging configuration of an app.
enabled	boolean		Specify whether the app is enabled.
host_name_disabled	boolean		Specify whether the public hostnames of the app is disabled.
host_names	jsonb		A list of hostnames associated with the app.
https_only	boolean		Specify whether configuring a web site to accept only https requests.
id	text		Contains ID to identify an app service web app uniquely.
identity	jsonb		Managed service identity for the resource.
kind	text		Contains the kind of the resource.
name	text	=	The friendly name that identifies the app service web app.
outbound_ip_addresses	text		List of IP addresses that the app uses for outbound connections (e.g. database access).
possible_outbound_ip_addresses	text		List of possible IP addresses that the app uses for outbound connections (e.g. database access).
region	text		The Azure region/location in which the resource is located.
reserved	boolean		Specify whether the app is reserved.
resource_group	text	=	The resource group which holds this resource.
site_config	jsonb		A map of all configuration for the app.
sp_connection_name	text	=, !=, ~~, ~~, !~~, !~~	Steampipe connection name.
sp_ctx	jsonb		Steampipe context in JSON form.
state	text		Current state of the app.
storage_info_value	jsonb		AzureStorageInfoValue azure Files or Blob Storage access information value for dictionary storage.
subscription_id	text	=, !=, ~~, ~~, !~~, !~~	The Azure Subscription ID in which the resource is located.
tags	jsonb		A map of tags for the resource.
title	text		Title of the resource.
type	text		The resource type of the app service web app.
vnet_connection	jsonb		Describes the virtual network connection for the app.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azure

You can pass the configuration to the command with the --config argument:

steampipe_export_azure --config '<your_config>' azure_app_service_web_app