azure_ad_groupazure_ad_service_principalazure_ad_userazure_alert_managementazure_api_managementazure_api_management_backendazure_app_configurationazure_app_service_environmentazure_app_service_function_appazure_app_service_planazure_app_service_web_appazure_app_service_web_app_slotazure_application_gatewayazure_application_insightazure_application_security_groupazure_automation_accountazure_automation_variableazure_bastion_hostazure_batch_accountazure_cognitive_accountazure_compute_availability_setazure_compute_diskazure_compute_disk_accessazure_compute_disk_encryption_setazure_compute_disk_metric_read_opsazure_compute_disk_metric_read_ops_dailyazure_compute_disk_metric_read_ops_hourlyazure_compute_disk_metric_write_opsazure_compute_disk_metric_write_ops_dailyazure_compute_disk_metric_write_ops_hourlyazure_compute_imageazure_compute_resource_skuazure_compute_snapshotazure_compute_ssh_keyazure_compute_virtual_machineazure_compute_virtual_machine_metric_available_memoryazure_compute_virtual_machine_metric_available_memory_dailyazure_compute_virtual_machine_metric_available_memory_hourlyazure_compute_virtual_machine_metric_cpu_utilizationazure_compute_virtual_machine_metric_cpu_utilization_dailyazure_compute_virtual_machine_metric_cpu_utilization_hourlyazure_compute_virtual_machine_scale_setazure_compute_virtual_machine_scale_set_network_interfaceazure_compute_virtual_machine_scale_set_vmazure_consumption_usageazure_container_groupazure_container_registryazure_cosmosdb_accountazure_cosmosdb_mongo_collectionazure_cosmosdb_mongo_databaseazure_cosmosdb_restorable_database_accountazure_cosmosdb_sql_databaseazure_data_factoryazure_data_factory_datasetazure_data_factory_pipelineazure_data_lake_analytics_accountazure_data_lake_storeazure_databox_edge_deviceazure_databricks_workspaceazure_diagnostic_settingazure_dns_zoneazure_eventgrid_domainazure_eventgrid_topicazure_eventhub_namespaceazure_express_route_circuitazure_firewallazure_firewall_policyazure_frontdoorazure_hdinsight_clusterazure_healthcare_serviceazure_hpc_cacheazure_hybrid_compute_machineazure_hybrid_kubernetes_connected_clusterazure_iothubazure_iothub_dpsazure_key_vaultazure_key_vault_deleted_vaultazure_key_vault_keyazure_key_vault_key_versionazure_key_vault_managed_hardware_security_moduleazure_key_vault_secretazure_kubernetes_clusterazure_kubernetes_service_versionazure_kusto_clusterazure_lbazure_lb_backend_address_poolazure_lb_nat_ruleazure_lb_outbound_ruleazure_lb_probeazure_lb_ruleazure_locationazure_log_alertazure_log_profileazure_logic_app_workflowazure_machine_learning_workspaceazure_maintenance_configurationazure_management_groupazure_management_lockazure_mariadb_serverazure_monitor_activity_log_eventazure_monitor_log_profileazure_mssql_elasticpoolazure_mssql_managed_instanceazure_mssql_virtual_machineazure_mysql_flexible_serverazure_mysql_serverazure_nat_gatewayazure_network_interfaceazure_network_security_groupazure_network_watcherazure_network_watcher_flow_logazure_policy_assignmentazure_policy_definitionazure_postgresql_flexible_serverazure_postgresql_serverazure_private_dns_zoneazure_providerazure_public_ipazure_recovery_services_backup_jobazure_recovery_services_vaultazure_redis_cacheazure_resource_groupazure_resource_linkazure_role_assignmentazure_role_definitionazure_route_tableazure_search_serviceazure_security_center_auto_provisioningazure_security_center_automationazure_security_center_contactazure_security_center_jit_network_access_policyazure_security_center_settingazure_security_center_sub_assessmentazure_security_center_subscription_pricingazure_service_fabric_clusterazure_servicebus_namespaceazure_signalr_serviceazure_spring_cloud_serviceazure_sql_databaseazure_sql_serverazure_storage_accountazure_storage_blobazure_storage_blob_serviceazure_storage_containerazure_storage_queueazure_storage_share_fileazure_storage_syncazure_storage_tableazure_storage_table_serviceazure_stream_analytics_jobazure_subnetazure_subscriptionazure_synapse_workspaceazure_tenantazure_virtual_networkazure_virtual_network_gateway
Table: azure_application_gateway - Query Azure Application Gateways using SQL
Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. It operates at the application layer (Layer 7) of the Open Systems Interconnection (OSI) network stack, and can route traffic based on various attributes of an HTTP request. The gateway also provides SSL offloading, which removes the SSL-based encryption from incoming traffic.
Table Usage Guide
The azure_application_gateway table provides insights into Application Gateways within Azure. As a Network Administrator, explore gateway-specific details through this table, including backend pools, listeners, rules, and associated metadata. Utilize it to uncover information about gateways, such as their health status, configured rules, and the verification of SSL certificates.
Examples
Basic info
Explore the general information of your Azure application gateways to gain insights into their types, provisioning states, and regions. This allows you to effectively manage and monitor your gateways, ensuring optimal performance and resource allocation.
select id, name, type, provisioning_state, regionfrom azure_application_gateway;select id, name, type, provisioning_state, regionfrom azure_application_gateway;List web application firewall configurations for application gateway
Determine the configurations of your web application firewall for an application gateway. This query aids in understanding the firewall's operational settings, such as enabled status, file upload limits, and rule set details, which are crucial for maintaining optimal security and performance.
select id, name, jsonb_pretty( web_application_firewall_configuration -> 'disabledRuleGroups' ) as disabled_rule_groups, web_application_firewall_configuration -> 'enabled' as enabled, jsonb_pretty( web_application_firewall_configuration -> 'exclusions' ) as exclusions, web_application_firewall_configuration -> 'fileUploadLimitInMb' as file_upload_limit_in_mb, web_application_firewall_configuration -> 'firewallMode' as firewall_mode, web_application_firewall_configuration -> 'maxRequestBodySizeInKb' as max_request_body_size_in_kb, web_application_firewall_configuration -> 'requestBodyCheck' as request_body_check, web_application_firewall_configuration -> 'ruleSetType' as rule_set_type, web_application_firewall_configuration -> 'ruleSetVersion' as rule_set_versionfrom azure_application_gateway;select id, name, web_application_firewall_configuration as disabled_rule_groups, json_extract( web_application_firewall_configuration, '$.enabled' ) as enabled, web_application_firewall_configuration as exclusions, json_extract( web_application_firewall_configuration, '$.fileUploadLimitInMb' ) as file_upload_limit_in_mb, json_extract( web_application_firewall_configuration, '$.firewallMode' ) as firewall_mode, json_extract( web_application_firewall_configuration, '$.maxRequestBodySizeInKb' ) as max_request_body_size_in_kb, json_extract( web_application_firewall_configuration, '$.requestBodyCheck' ) as request_body_check, json_extract( web_application_firewall_configuration, '$.ruleSetType' ) as rule_set_type, json_extract( web_application_firewall_configuration, '$.ruleSetVersion' ) as rule_set_versionfrom azure_application_gateway;List http listeners for application gateway
Explore the configuration of HTTP listeners in an application gateway to understand the protocol requirements and server name indication settings. This can be particularly useful in identifying potential security weak points and optimizing network performance.
select id, name, listeners -> 'id' as listener_id, listeners -> 'name' as listener_name, jsonb_pretty(listeners -> 'properties' -> 'frontendPort') as listener_frontend_port, jsonb_pretty(listeners -> 'properties' -> 'hostNames') as listener_host_names, listeners -> 'properties' -> 'protocol' as listener_protocol, listeners -> 'properties' -> 'requireServerNameIndication' as listener_require_server_name_indicationfrom azure_application_gateway, jsonb_array_elements(http_listeners) as listeners;select g.id, name, json_extract(listeners.value, '$.id') as listener_id, json_extract(listeners.value, '$.name') as listener_name, json_extract(listeners.value, '$.properties.frontendPort') as listener_frontend_port, json_extract(listeners.value, '$.properties.hostNames') as listener_host_names, json_extract(listeners.value, '$.properties.protocol') as listener_protocol, json_extract( listeners.value, '$.properties.requireServerNameIndication' ) as listener_require_server_name_indicationfrom azure_application_gateway as g, json_each(http_listeners) as listeners;List backend http settings collection for application gateway
Analyze the settings to understand the configuration of your application gateway's backend HTTP settings. This could be useful for assessing aspects like affinity based on cookies, host name selection from backend address, port, protocol, and request timeout.
select id, name, settings -> 'id' as settings_id, settings -> 'name' as settings_name, settings -> 'properties' -> 'cookieBasedAffinity' as settings_cookie_based_affinity, settings -> 'properties' -> 'pickHostNameFromBackendAddress' as settings_pick_host_name_from_backend_address, settings -> 'properties' -> 'port' as settings_port, settings -> 'properties' -> 'protocol' as settings_protocol, settings -> 'properties' -> 'requestTimeout' as settings_request_timeoutfrom azure_application_gateway, jsonb_array_elements(backend_http_settings_collection) as settings;select g.id, name, json_extract(settings.value, '$.id') as settings_id, json_extract(settings.value, '$.name') as settings_name, json_extract( settings.value, '$.properties.cookieBasedAffinity' ) as settings_cookie_based_affinity, json_extract( settings.value, '$.properties.pickHostNameFromBackendAddress' ) as settings_pick_host_name_from_backend_address, json_extract(settings.value, '$.properties.port') as settings_port, json_extract(settings.value, '$.properties.protocol') as settings_protocol, json_extract(settings.value, '$.properties.requestTimeout') as settings_request_timeoutfrom azure_application_gateway as g, json_each(backend_http_settings_collection) as settings;List frontend IP configurations for application gateway
This query is useful for gaining insights into the IP configurations of your application gateway in Azure. It allows you to understand both the public and private allocation methods, which is critical for managing network access and security.
select id, name, config -> 'id' as config_id, config -> 'name' as config_name, jsonb_pretty(config -> 'properties' -> 'publicIPAddress') as config_public_ip_address, config -> 'properties' -> 'privateIPAllocationMethod' as config_private_ip_allocation_methodfrom azure_application_gateway, jsonb_array_elements(frontend_ip_configurations) as config;select g.id, name, json_extract(config.value, '$.id') as config_id, json_extract(config.value, '$.name') as config_name, json_extract(config.value, '$.properties.publicIPAddress') as config_public_ip_address, json_extract( config.value, '$.properties.privateIPAllocationMethod' ) as config_private_ip_allocation_methodfrom azure_application_gateway as g, json_each(frontend_ip_configurations) as config;Query examples
Control examples
Schema for azure_application_gateway
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. | |
| akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. | |
| authentication_certificates | jsonb | Authentication certificates of the application gateway. | |
| autoscale_configuration | jsonb | Autoscale Configuration of the application gateway. | |
| backend_address_pools | jsonb | Backend address pool of the application gateway. | |
| backend_http_settings_collection | jsonb | Backend http settings of the application gateway. | |
| cloud_environment | text | The Azure Cloud Environment. | |
| custom_error_configurations | jsonb | Custom error configurations of the application gateway. | |
| diagnostic_settings | jsonb | A list of active diagnostic settings for the application gateway. | |
| enable_fips | boolean | Whether FIPS is enabled on the application gateway. | |
| enable_http2 | boolean | Whether HTTP2 is enabled on the application gateway. | |
| etag | text | A unique read-only string that changes whenever the resource is updated. | |
| firewall_policy | jsonb | Reference to the FirewallPolicy resource. | |
| force_firewall_policy_association | boolean | If true, associates a firewall policy with an application gateway regardless whether the policy differs from the WAF configuration. | |
| frontend_ip_configurations | jsonb | Frontend IP addresses of the application gateway. | |
| frontend_ports | jsonb | Frontend ports of the application gateway. | |
| gateway_ip_configurations | jsonb | Subnets of the application gateway. | |
| http_listeners | jsonb | Http listeners of the application gateway. | |
| id | text | The resource ID. | |
| identity | jsonb | The identity of the application gateway, if configured. | |
| name | text | = | The resource name. |
| operational_state | text | Operational state of the application gateway. Possible values include: 'Stopped', 'Starting', 'Running', 'Stopping'. | |
| private_endpoint_connections | jsonb | Private endpoint connections on application gateway. | |
| private_link_configurations | jsonb | PrivateLink configurations on application gateway. | |
| probes | jsonb | Probes of the application gateway. | |
| provisioning_state | text | The provisioning state of the application gateway. Possible values include: 'Succeeded', 'Updating', 'Deleting', 'Failed'. | |
| redirect_configurations | jsonb | Redirect configurations of the application gateway. | |
| region | text | The Azure region/location in which the resource is located. | |
| request_routing_rules | jsonb | Request routing rules of the application gateway. | |
| resource_group | text | = | The resource group which holds this resource. |
| resource_guid | text | The resource GUID property of the application gateway. | |
| rewrite_rule_sets | jsonb | Rewrite rules for the application gateway. | |
| sku | jsonb | SKU of the application gateway. | |
| ssl_certificates | jsonb | SSL certificates of the application gateway. | |
| ssl_policy | jsonb | SSL policy of the application gateway. | |
| ssl_profiles | jsonb | SSL profiles of the application gateway. | |
| subscription_id | text | The Azure Subscription ID in which the resource is located. | |
| tags | jsonb | A map of tags for the resource. | |
| title | text | Title of the resource. | |
| trusted_client_certificates | jsonb | Trusted client certificates of the application gateway. | |
| trusted_root_certificates | jsonb | Trusted root certificates of the application gateway. | |
| type | text | The resource type. | |
| url_path_maps | jsonb | URL path map of the application gateway. | |
| web_application_firewall_configuration | jsonb | Web application firewall configuration of the application gateway. | |
| zones | jsonb | A list of availability zones denoting where the resource needs to come from. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azureYou can pass the configuration to the command with the --config argument:
steampipe_export_azure --config '<your_config>' azure_application_gateway