Table: azure_eventgrid_domain - Query Azure Event Grid Domains using SQL
Azure Event Grid Domain is a management tool within Microsoft Azure that allows you to route events from your apps and services to specific handlers. It provides a centralized way to manage and route events that occur within your applications, including virtual machines, databases, web applications, and more. Azure Event Grid Domain helps you stay informed about the events occurring in your Azure resources and take appropriate actions when certain conditions are met.
Table Usage Guide
The azure_eventgrid_domain table provides insights into Event Grid Domains within Microsoft Azure. As a DevOps engineer, explore domain-specific details through this table, including domain name, resource group, location, input schema, and metric resource id. Use it to uncover information about event routing, such as the domain's endpoint, its input schema, and its provisioning state.
Examples
Basic info
List the Event Grid domains in your Azure subscriptions, along with each domain's resource type and provisioning state. This query is useful for gaining insight into the current state of your domains.
select name, id, type, provisioning_state from azure_eventgrid_domain;
List domains not configured with private endpoint connections
Identify instances where Azure EventGrid domains are not configured with private endpoint connections. This can be useful for pinpointing potential security gaps in your network infrastructure.
select name, id, type, private_endpoint_connections from azure_eventgrid_domain where private_endpoint_connections is null;
List domains with local authentication disabled
Identify instances where domains have local authentication disabled within Azure's event grid. This can be useful to assess potential security risks and ensure compliance with security policies.
select name, id, type, disable_local_auth from azure_eventgrid_domain where disable_local_auth;
select name, id, type, disable_local_auth from azure_eventgrid_domain where disable_local_auth = 1;
Control examples
- All Controls > Event Grid > Event Grid domains identity provider should be enabled
- All Controls > Event Grid > Event Grid domains should restrict public network access
- All Controls > Event Grid > Event Grid topics should have local authentication enabled
- Azure Event Grid domains should use private link
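The controls above map onto columns of this table, so one query can report them per domain. The following is an added example, not part of the Steampipe documentation; it uses PostgreSQL syntax, and the literal 'Disabled' for public_network_access is an assumption about the value Azure reports, since the page does not list that column's values.

```sql
-- Added example: per-domain network and authentication posture.
-- Returns only domains that miss at least one of the four checks.
with posture as (
  select
    name,
    resource_group,
    subscription_id,
    -- Assumption: Azure reports 'Disabled' when public access is off.
    -- NULL is treated as enabled, matching the documented default.
    public_network_access is distinct from 'Disabled' as public_access_on,
    -- jsonb_typeof guards against NULL or non-array values.
    case
      when jsonb_typeof(inbound_ip_rules) = 'array'
        then jsonb_array_length(inbound_ip_rules)
      else 0
    end as inbound_ip_rule_count,
    case
      when jsonb_typeof(private_endpoint_connections) = 'array'
        then jsonb_array_length(private_endpoint_connections)
      else 0
    end as private_endpoint_count,
    -- disable_local_auth defaults to false, so NULL counts as "allowed".
    not coalesce(disable_local_auth, false) as local_auth_allowed,
    coalesce(identity_type, 'None') = 'None' as no_managed_identity
  from
    azure_eventgrid_domain
)
select
  name,
  resource_group,
  subscription_id,
  public_access_on and inbound_ip_rule_count = 0 as public_without_ip_rules,
  private_endpoint_count = 0 as no_private_endpoint,
  local_auth_allowed,
  no_managed_identity
from
  posture
where
  (public_access_on and inbound_ip_rule_count = 0)
  or private_endpoint_count = 0
  or local_auth_allowed
  or no_managed_identity
order by
  subscription_id,
  resource_group,
  name;
```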
Schema for azure_eventgrid_domain
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
auto_create_topic_with_first_subscription | boolean | | This Boolean is used to specify the creation mechanism for 'all' the event grid domain topics associated with this event grid domain resource. |
auto_delete_topic_with_last_subscription | boolean | | This Boolean is used to specify the deletion mechanism for 'all' the Event Grid Domain Topics associated with this Event Grid Domain resource. |
cloud_environment | text | | The Azure Cloud Environment. |
created_at | timestamp with time zone | | The timestamp of resource creation (UTC). |
created_by | text | | The identity that created the resource. |
created_by_type | text | | The type of identity that created the resource. |
diagnostic_settings | jsonb | | A list of active diagnostic settings for the eventgrid domain. |
disable_local_auth | boolean | | This boolean is used to enable or disable local auth. Default value is false. When the property is set to true, only AAD token will be used to authenticate if user is allowed to publish to the domain. |
endpoint | text | | Endpoint for the Event Grid Domain Resource which is used for publishing the events. |
id | text | | Fully qualified identifier of the resource. |
identity_type | text | | The type of managed identity used. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user-assigned identities. The type 'None' will remove any identity. Possible values include: 'None', 'SystemAssigned', 'UserAssigned', 'SystemAssignedUserAssigned'. |
inbound_ip_rules | jsonb | | This can be used to restrict traffic from specific IPs instead of all IPs. Note: These are considered only if PublicNetworkAccess is enabled. |
input_schema | text | | This determines the format that Event Grid should expect for incoming events published to the Event Grid Domain Resource. Possible values include: 'EventGridSchema', 'CustomEventSchema', 'CloudEventSchemaV10'. |
input_schema_mapping | jsonb | | Information about the InputSchemaMapping which specified the info about mapping event payload. |
last_modified_at | timestamp with time zone | | The timestamp of resource last modification (UTC). |
last_modified_by | text | | The identity that last modified the resource. |
last_modified_by_type | text | | The type of identity that last modified the resource. |
location | text | | Location of the resource. |
name | text | = | The name of the resource. |
principal_id | text | | The principal ID of resource identity. |
private_endpoint_connections | jsonb | | List of private endpoint connections. |
provisioning_state | text | | Provisioning state of the event grid domain resource. Possible values include: 'Creating', 'Updating', 'Deleting', 'Succeeded', 'Canceled', 'Failed'. |
public_network_access | text | | This determines if traffic is allowed over public network. By default it is enabled. |
region | text | | The Azure region/location in which the resource is located. |
resource_group | text | = | The resource group which holds this resource. |
sku_name | text | | Name of this SKU. Possible values include: 'Basic', 'Standard'. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
subscription_id | text | =, !=, ~~, ~~*, !~~, !~~* | The Azure Subscription ID in which the resource is located. |
tags | jsonb | | A map of tags for the resource. |
title | text | | Title of the resource. |
type | text | | The resource type. |
user_assigned_identities | jsonb | | The list of user identities associated with the resource. The user identity dictionary key references will be ARM resource ids. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azure
You can pass the configuration to the command with the --config argument:
steampipe_export_azure --config '<your_config>' azure_eventgrid_domain