Table: azure_compute_disk - Query Azure Compute Disks using SQL
Azure Compute Disk is a resource within Microsoft Azure that allows you to create and manage disks for your virtual machines. These disks can be used as system disks or data disks and come in different types, including standard HDD, standard SSD, and premium SSD. Azure Compute Disk also supports disk encryption for enhanced security.
Table Usage Guide
The azure_compute_disk
table provides insights into the disks used in Azure Compute. As a system administrator or developer, you can explore disk-specific details through this table, including the type, size, location, and encryption settings of each disk. Utilize it to manage disk resources effectively, ensuring optimal allocation and enhanced security.
Examples
List of all premium tier compute disks
Determine the areas in which premium tier compute disks are being utilized across your Azure environment. This can help in resource management and cost optimization by identifying areas of high-end usage.
select name, sku_name, sku_tierfrom azure_compute_diskwhere sku_tier = 'Premium';
select name, sku_name, sku_tierfrom azure_compute_diskwhere sku_tier = 'Premium';
List of unattached disks
Discover the segments that consist of unused storage resources within your Azure infrastructure. This can aid in optimizing resource allocation and reducing unnecessary costs.
select name, disk_statefrom azure_compute_diskwhere disk_state = 'Unattached';
select name, disk_statefrom azure_compute_diskwhere disk_state = 'Unattached';
Size and performance info of each disk
Gain insights into the performance and size of each disk in your Azure Compute service. This helps in optimizing resource allocation and identifying potential performance bottlenecks.
select name, disk_size_gb as disk_size, disk_iops_read_only as disk_iops_read_only, disk_iops_read_write as provision_iops, disk_iops_mbps_read_write as bandwidth, disk_iops_mbps_read_only as disk_mbps_read_writefrom azure_compute_disk;
select name, disk_size_gb as disk_size, disk_iops_read_only as disk_iops_read_only, disk_iops_read_write as provision_iops, disk_iops_mbps_read_write as bandwidth, disk_iops_mbps_read_only as disk_mbps_read_writefrom azure_compute_disk;
List of compute disks which are not available in multiple az
Determine the areas in which Azure Compute Disks are not available across multiple availability zones. This is useful for identifying potential vulnerabilities in your system's redundancy and disaster recovery capabilities.
select name, az, regionfrom azure_compute_disk cross join jsonb_array_elements(zones) azwhere zones is not null;
select name, az.value as az, regionfrom azure_compute_disk, json_each(zones) azwhere zones is not null;
List of compute disks which are not encrypted with customer key
Discover the segments that utilize compute disks not encrypted with a customer key, enabling you to identify potential security risks and take necessary actions to enhance data protection.
select name, encryption_typefrom azure_compute_diskwhere encryption_type <> 'EncryptionAtRestWithCustomerKey';
select name, encryption_typefrom azure_compute_diskwhere encryption_type != 'EncryptionAtRestWithCustomerKey';
Query examples
- compute_disk_1_year_count
- compute_disk_24_hours_count
- compute_disk_30_90_days_count
- compute_disk_30_days_count
- compute_disk_90_365_days_count
- compute_disk_accesses_for_compute_disk
- compute_disk_by_age
- compute_disk_by_attachment
- compute_disk_by_encryption_type
- compute_disk_by_os_type
- compute_disk_by_region
- compute_disk_by_sku_tier
- compute_disk_by_subscription
- compute_disk_cmk_and_platfrom_managed_encryption_count
- compute_disk_count
- compute_disk_customer_managed_encryption_count
- compute_disk_encryption_set_details
- compute_disk_encryption_sets_for_compute_disk
- compute_disk_network_access_policy
- compute_disk_os_type
- compute_disk_platform_managed_encryption_count
- compute_disk_size
- compute_disk_sku_name
- compute_disk_storage_by_age
- compute_disk_storage_by_region
- compute_disk_storage_by_subscription
- compute_disk_storage_total
- compute_disk_tags
- compute_disk_unattached_count
- compute_disks_for_compute_virtual_machine
- compute_disks_for_compute_virtual_machine_scale_set_vm
- compute_disks_for_storage_account
- compute_virtual_machine_storage_profile
- key_vault_keys_for_compute_disk
- key_vault_vaults_for_compute_disk
- storage_storage_accounts_for_compute_disk
Control examples
- All Controls > Compute > Ensure that 'Disk Network Access' is NOT set to 'Enable public access from all networks'
- All Controls > Compute > Ensure that 'Enable Data Access Authentication Mode' is 'Checked'
- All Controls > Compute > Ensure that 'Unattached disks' are encrypted with 'Customer Managed Key' (CMK)
- All Controls > Compute > Unattached Compute disks should be encrypted with ADE/CMK
- CIS v1.3.0 > 7 Virtual Machines > 7.2 Ensure that 'OS and Data' disks are encrypted with CMK
- CIS v1.3.0 > 7 Virtual Machines > 7.3 Ensure that 'Unattached disks' are encrypted with CMK
- CIS v1.4.0 > 7 Virtual Machines > 7.2 Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK)
- CIS v1.4.0 > 7 Virtual Machines > 7.3 Ensure that 'Unattached disks' are encrypted with CMK
- CIS v1.5.0 > 7 Virtual Machines > 7.2 Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK)
- CIS v1.5.0 > 7 Virtual Machines > 7.3 Ensure that 'Unattached disks' are encrypted with CMK
- CIS v2.0.0 > 7 Virtual Machines > 7.3 Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK)
- CIS v2.0.0 > 7 Virtual Machines > 7.4 Ensure that 'Unattached disks' are encrypted with 'Customer Managed Key' (CMK)
- CIS v2.1.0 > 7 Virtual Machines > 7.3 Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK)
- CIS v2.1.0 > 7 Virtual Machines > 7.4 Ensure that 'Unattached disks' are encrypted with 'Customer Managed Key' (CMK)
- CIS v3.0.0 > 8 Virtual Machines > 8.3 Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK)
- CIS v3.0.0 > 8 Virtual Machines > 8.4 Ensure that 'Unattached disks' are encrypted with 'Customer Managed Key' (CMK)
- CIS v3.0.0 > 8 Virtual Machines > 8.5 Ensure that 'Disk Network Access' is NOT set to 'Enable public access from all networks'
- CIS v3.0.0 > 8 Virtual Machines > 8.6 Ensure that 'Enable Data Access Authentication Mode' is 'Checked'
- Managed disks should be double encrypted with both platform-managed and customer-managed keys
- OS and data disks should be encrypted with a customer-managed key
Schema for azure_compute_disk
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | Steampipe context in JSON form. | |
akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. | |
cloud_environment | text | The Azure Cloud Environment. | |
creation_data_gallery_image_reference_id | text | The ARM id of the shared galley image version from which disk was created | |
creation_data_gallery_image_reference_lun | bigint | An index that indicates which of the data disks in the image to use, if the disk is created from an image's data disk | |
creation_data_image_reference_id | text | A relative uri containing either a Platform Image Repository or user image reference | |
creation_data_image_reference_lun | bigint | If the disk is created from an image's data disk, this is an index that indicates which of the data disks in the image to use. For OS disks, this field is null | |
creation_data_option | text | This enumerates the possible sources of a disk's creation | |
creation_data_source_resource_id | text | The ARM id of the source snapshot or disk | |
creation_data_source_unique_id | text | An unique id identifying the source of this resource | |
creation_data_source_uri | text | The URI of a blob to be imported into a managed disk | |
creation_data_storage_account_id | text | The Azure Resource Manager identifier of the storage account containing the blob to import as a disk | |
creation_data_upload_size_bytes | bigint | This is the size of the contents of the upload including the VHD footer. This value should be between 20972032 (20 MiB + 512 bytes for the VHD footer) and 35183298347520 bytes (32 TiB + 512 bytes for the VHD footer) | |
data_access_auth_mode | text | The mode to use for data access to the disk | |
disk_access_id | text | ARM id of the DiskAccess resource for using private endpoints on disks | |
disk_iops_mbps_read_only | bigint | The total throughput (MBps) that will be allowed across all VMs mounting the shared disk as ReadOnly. MBps means millions of bytes per second - MB here uses the ISO notation, of powers of 10 | |
disk_iops_mbps_read_write | bigint | The bandwidth allowed for this disk; only settable for UltraSSD disks. MBps means millions of bytes per second - MB here uses the ISO notation, of powers of 10 | |
disk_iops_read_only | double precision | The total number of IOPS that will be allowed across all VMs mounting the shared disk as ReadOnly. One operation can transfer between 4k and 256k bytes | |
disk_iops_read_write | double precision | The number of IOPS allowed for this disk; only settable for UltraSSD disks. One operation can transfer between 4k and 256k bytes | |
disk_size_bytes | double precision | The size of the disk in bytes | |
disk_size_gb | bigint | If this field is present for updates or creation with other options, it indicates a resize. Resizes are only allowed if the disk is not attached to a running VM, and can only increase the disk's size | |
disk_state | text | This enumerates the possible state of the disk | |
encryption_disk_encryption_set_id | text | ResourceId of the disk encryption set to use for enabling encryption at rest | |
encryption_settings_collection_enabled | boolean | Shows the status of the encryption settings for the disk | |
encryption_settings_collection_settings | jsonb | A collection of encryption settings, one for each disk volume | |
encryption_settings_collection_version | text | Describes the type of encryption is used for the disks. '1.0' corresponds to Azure Disk Encryption with AAD app. '1.1' corresponds to Azure Disk Encryption | |
encryption_type | text | The type of key used to encrypt the data of the disk | |
hyper_v_generation | text | The hypervisor generation of the Virtual Machine. Applicable to OS disks only | |
id | text | The unique id identifying the resource in subscription | |
managed_by | text | A relative URI containing the ID of the VM that has the disk attached | |
managed_by_extended | jsonb | List of relative URIs containing the IDs of the VMs that have the disk attached | |
max_shares | bigint | The maximum number of VMs that can attach to the disk at the same time. Value greater than one indicates a disk that can be mounted on multiple VMs at the same time | |
name | text | = | Name of the disk |
network_access_policy | text | Policy for accessing the disk via network | |
os_type | text | The Operating System type | |
provisioning_state | text | The disk provisioning state | |
public_network_access | text | Public network access for the disk can be enabled or disabled | |
region | text | The Azure region/location in which the resource is located. | |
resource_group | text | = | The resource group which holds this resource. |
share_info | jsonb | Details of the list of all VMs that have the disk attached | |
sku_name | text | The disks sku name. Can be Standard_LRS, Premium_LRS, StandardSSD_LRS, or UltraSSD_LRS | |
sku_tier | text | The sku tier | |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | Steampipe context in JSON form. | |
subscription_id | text | =, !=, ~~, ~~*, !~~, !~~* | The Azure Subscription ID in which the resource is located. |
tags | jsonb | A map of tags for the resource. | |
time_created | timestamp with time zone | The time when the disk was created | |
title | text | Title of the resource. | |
type | text | The type of the resource in Azure | |
unique_id | text | Unique Guid identifying the resource | |
zones | jsonb | The Logical zone list for Disk |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh
script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azure
You can pass the configuration to the command with the --config
argument:
steampipe_export_azure --config '<your_config>' azure_compute_disk