azure_ad_groupazure_ad_service_principalazure_ad_userazure_alert_managementazure_api_managementazure_api_management_backendazure_app_configurationazure_app_service_environmentazure_app_service_function_appazure_app_service_planazure_app_service_web_appazure_app_service_web_app_slotazure_application_gatewayazure_application_insightazure_application_security_groupazure_automation_accountazure_automation_variableazure_backup_policyazure_bastion_hostazure_batch_accountazure_cdn_frontdoor_profileazure_cognitive_accountazure_compute_availability_setazure_compute_diskazure_compute_disk_accessazure_compute_disk_encryption_setazure_compute_disk_metric_read_opsazure_compute_disk_metric_read_ops_dailyazure_compute_disk_metric_read_ops_hourlyazure_compute_disk_metric_write_opsazure_compute_disk_metric_write_ops_dailyazure_compute_disk_metric_write_ops_hourlyazure_compute_imageazure_compute_resource_skuazure_compute_snapshotazure_compute_ssh_keyazure_compute_virtual_machineazure_compute_virtual_machine_metric_available_memoryazure_compute_virtual_machine_metric_available_memory_dailyazure_compute_virtual_machine_metric_available_memory_hourlyazure_compute_virtual_machine_metric_cpu_utilizationazure_compute_virtual_machine_metric_cpu_utilization_dailyazure_compute_virtual_machine_metric_cpu_utilization_hourlyazure_compute_virtual_machine_scale_setazure_compute_virtual_machine_scale_set_network_interfaceazure_compute_virtual_machine_scale_set_vmazure_consumption_usageazure_container_groupazure_container_registryazure_cosmosdb_accountazure_cosmosdb_mongo_collectionazure_cosmosdb_mongo_databaseazure_cosmosdb_restorable_database_accountazure_cosmosdb_sql_databaseazure_data_factoryazure_data_factory_datasetazure_data_factory_pipelineazure_data_lake_analytics_accountazure_data_lake_storeazure_data_protection_backup_jobazure_data_protection_backup_vaultazure_databox_edge_deviceazure_databricks_workspaceazure_diagnostic_settingazure_dns_zoneazure_eventgrid_domainazure_eventgrid_topicazure_eventhub_namespaceazure_express_route_circuitazure_firewallazure_firewall_policyazure_frontdoorazure_hdinsight_clusterazure_healthcare_serviceazure_hpc_cacheazure_hybrid_compute_machineazure_hybrid_kubernetes_connected_clusterazure_iothubazure_iothub_dpsazure_key_vaultazure_key_vault_certificateazure_key_vault_deleted_vaultazure_key_vault_keyazure_key_vault_key_versionazure_key_vault_managed_hardware_security_moduleazure_key_vault_secretazure_kubernetes_clusterazure_kubernetes_service_versionazure_kusto_clusterazure_lbazure_lb_backend_address_poolazure_lb_nat_ruleazure_lb_outbound_ruleazure_lb_probeazure_lb_ruleazure_lighthouse_assignmentazure_lighthouse_definitionazure_locationazure_log_alertazure_log_analytics_workspaceazure_log_profileazure_logic_app_workflowazure_machine_learning_workspaceazure_maintenance_configurationazure_management_groupazure_management_lockazure_mariadb_serverazure_monitor_activity_log_eventazure_monitor_log_profileazure_mssql_elasticpoolazure_mssql_managed_instanceazure_mssql_virtual_machineazure_mysql_flexible_serverazure_mysql_serverazure_nat_gatewayazure_network_interfaceazure_network_security_groupazure_network_watcherazure_network_watcher_flow_logazure_policy_assignmentazure_policy_definitionazure_postgresql_flexible_serverazure_postgresql_serverazure_private_dns_zoneazure_private_endpointazure_providerazure_public_ipazure_recovery_services_backup_jobazure_recovery_services_vaultazure_redis_cacheazure_resourceazure_resource_groupazure_resource_linkazure_role_assignmentazure_role_definitionazure_route_tableazure_search_serviceazure_security_center_auto_provisioningazure_security_center_automationazure_security_center_contactazure_security_center_jit_network_access_policyazure_security_center_settingazure_security_center_sub_assessmentazure_security_center_subscription_pricingazure_service_fabric_clusterazure_servicebus_namespaceazure_signalr_serviceazure_spring_cloud_serviceazure_sql_databaseazure_sql_serverazure_storage_accountazure_storage_blobazure_storage_blob_serviceazure_storage_containerazure_storage_queueazure_storage_share_fileazure_storage_syncazure_storage_tableazure_storage_table_serviceazure_stream_analytics_jobazure_subnetazure_subscriptionazure_synapse_workspaceazure_tenantazure_virtual_networkazure_virtual_network_gatewayazure_web_application_firewall_policy
Table: azure_backup_policy - Query Azure Backup Policies using SQL
Azure Backup is a cloud-based service offered by Microsoft Azure that allows organizations to back up and restore data across their Azure and non-Azure environments. It provides a way to manage, monitor, and act upon the data protection of infrastructure resources in a scalable and reliable manner. Azure Backup Policies are entities within this service that define the backup schedule, retention policy, and other settings for backup operations.
Table Usage Guide
The azure_backup_policy table provides insights into Azure Backup Policies within Azure Backup. As a DevOps engineer, explore policy-specific details through this table, including the backup schedule, retention settings, and other policy configurations. Utilize it to uncover information about policies, such as their associated backup vaults, and the protected items they are associated with.
Examples
Basic info
Analyze the settings to understand the backup schedule and retention policy of your Azure Backup policies. This will help in assessing the data protection strategy of your infrastructure resources.
select name, id, resource_group, vault_name, typefrom azure_backup_policy;select name, id, resource_group, vault_name, typefrom azure_backup_policy;Count the number of policies per vault
Identify the number of policies associated with each backup vault to understand the distribution of policies across your Azure Backup environment.
select vault_name, count(*) as policy_countfrom azure_backup_policygroup by vault_name;select vault_name, count(*) as policy_countfrom azure_backup_policygroup by vault_name;List policies with Azure IAAS VM Protection backup configuration
Retrieve the policies that are associated with Azure VM backup configurations to understand the backup settings for your virtual machines.
select name, id, resource_group, vault_name, azure_iaas_vm_protection_policy_property, typefrom azure_backup_policywhere azure_iaas_vm_protection_policy_property is not null;select name, id, resource_group, vault_name, azure_iaas_vm_protection_policy_property, typefrom azure_backup_policywhere azure_iaas_vm_protection_policy_property is not null;List Azure IAAS VM Protection policies with retention duration less than 30 days
Identify the Azure VM backup policies with a retention duration of less than 30 days to ensure that the backup data is retained for a sufficient period.
select name, id, resource_group, vault_name, azure_iaas_vm_protection_policy_property -> 'retentionPolicy' -> 'dailySchedule' ->> 'retentionDuration' as retention_duration_daysfrom azure_backup_policywhere azure_iaas_vm_protection_policy_property is not null and cast( azure_iaas_vm_protection_policy_property -> 'retentionPolicy' -> 'dailySchedule' -> 'retentionDuration' ->> 'count' as integer ) < 30;select name, id, resource_group, vault_name, azure_iaas_vm_protection_policy_property -> 'retentionPolicy' -> 'dailySchedule' -> 'retentionDuration' -> 'count' as retention_duration_daysfrom azure_backup_policywhere azure_iaas_vm_protection_policy_property is not null and cast( azure_iaas_vm_protection_policy_property -> 'retentionPolicy' -> 'dailySchedule' -> 'retentionDuration' -> 'count' as integer ) > 30;Detailed view of Azure VM Workload backup policies
Gain insights into the specific configurations of backup policies tailored for Azure VM workloads. This query highlights the intricacies of these policies, including backup management type, protection coverage, and the nature of the backup (such as full, incremental, or log backups), along with their scheduling and retention details.
select name as policy_name, vault_name, azure_vm_workload_protection_policy_property ->> 'backupManagementType' as management_type, jsonb_array_length( azure_vm_workload_protection_policy_property -> 'subProtectionPolicy' ) as number_of_sub_policies, jsonb_pretty( azure_vm_workload_protection_policy_property -> 'subProtectionPolicy' ) as sub_protection_policiesfrom azure_backup_policywhere azure_vm_workload_protection_policy_property is not null;select name as policy_name, vault_name, json_extract( azure_vm_workload_protection_policy_property, '$.backupManagementType' ) as management_type, json_array_length( json_extract( azure_vm_workload_protection_policy_property, '$.subProtectionPolicy' ) ) as number_of_sub_policies, json_pretty( json_extract( azure_vm_workload_protection_policy_property, '$.subProtectionPolicy' ) ) as sub_protection_policiesfrom azure_backup_policywhere azure_vm_workload_protection_policy_property is not null;Schema for azure_backup_policy
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form. | |
| akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. | |
| azure_file_share_protection_policy_property | jsonb | The Azure File Share Protection Policy associated with the backup policy. | |
| azure_iaas_vm_protection_policy_property | jsonb | The Azure IaaS VM Protection Policy associated with the backup policy. | |
| azure_sql_protection_policy_property | jsonb | The Azure SQL Protection Policy associated with the backup policy. | |
| azure_vm_workload_protection_policy_property | jsonb | The Azure VM Workload Protection Policy associated with the backup policy. | |
| cloud_environment | text | The Azure Cloud Environment. | |
| etag | text | An unique read-only string that changes whenever the resource is updated. | |
| generic_protection_policy_property | jsonb | The Generic Protection Policy associated with the backup policy. | |
| id | text | The resource identifier representing the complete path to the resource. | |
| location | text | The location of the resource. | |
| mab_protection_policy_property | jsonb | The MAB Protection Policy associated with the backup policy. | |
| name | text | The resource name associated with the resource. | |
| protection_policy_property | jsonb | The protection policy associated with the backup policy. | |
| region | text | The Azure region/location in which the resource is located. | |
| resource_group | text | = | The resource group which holds this resource. |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | Steampipe context in JSON form. | |
| subscription_id | text | =, !=, ~~, ~~*, !~~, !~~* | The Azure Subscription ID in which the resource is located. |
| tags | jsonb | The resource tags. | |
| title | text | Title of the resource. | |
| type | text | The resource type representing the complete path of the form Namespace/ResourceType/ResourceType/... | |
| vault_name | text | = | The name of the vault associated with the backup policy. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azureYou can pass the configuration to the command with the --config argument:
steampipe_export_azure --config '<your_config>' azure_backup_policy