v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Steampipe logo 
Hub
Plugins
turbot/azure
Overview
167Tables
Versions
PowerpipeMods
GitHub
steampipe plugin install azure

Table: azure_lighthouse_definition - Query Azure Lighthouse Definitions using SQL

Azure Lighthouse is a service within Microsoft Azure that enables cross-tenant management, allowing service providers to manage resources across multiple tenants while maintaining control and visibility. Azure Lighthouse provides greater automation, scalability, and enhanced governance across resources.

Table Usage Guide

The azure_lighthouse_definition table provides insights into Azure Lighthouse definitions. As a Network Administrator or Service Provider, you can explore details about each Lighthouse definition, including its configuration, associated resources, and authorization details. Use this table to ensure your cross-tenant management and governance are correctly configured and to quickly identify any potential issues.

Examples

Basic info

Explore the status and details of your Azure Lighthouse definitions to understand their current state and type. This is beneficial for auditing and managing your cross-tenant resources effectively.

select
  name,
  id,
  managed_by_tenant_id,
  managed_by_tenant_name,
  managed_tenant_name,
  type
from
  azure_lighthouse_definition;
select
  name,
  id,
  managed_by_tenant_id,
  managed_by_tenant_name,
  managed_tenant_name,
  type
from
  azure_lighthouse_definition;

List authorization details for each Lighthouse definition

Identify the authorization details linked with each Lighthouse definition. This can help in managing access control and understanding the roles assigned to different Azure Active Directory principals.

select
  name,
  a ->> 'principalId' as principal_id,
  a ->> 'roleDefinitionId' as role_definition_id,
  a ->> 'principalIdDisplayName' as principal_id_display_name,
  a -> 'delegatedRoleDefinitionIds' as delegated_role_definition_i_ds
from
  azure_lighthouse_definition,
  jsonb_array_elements(authorizations) as a;
select
  name,
  json_extract(a.value, '$.principalId') as principal_id,
  json_extract(a.value, '$.roleDefinitionId') as role_definition_id,
  json_extract(a.value, '$.principalIdDisplayName') as principal_id_display_name,
  json_extract(a.value, '$.delegatedRoleDefinitionIds') as delegated_role_definition_i_ds
from
  azure_lighthouse_definition,
  json_each(authorizations) as a;

List eligible authorization details for each Lighthouse definition

Explore the eligible authorization details associated with each Lighthouse definition. This helps in understanding the just-in-time access Azure Active Directory principals will receive on the delegated resources.

select
  name,
  a ->> 'principalId' as principal_id,
  a ->> 'roleDefinitionId' as role_definition_id,
  a ->> 'principalIdDisplayName' as principal_id_display_name,
  a -> 'justInTimeAccessPolicy' as just_in_time_access_policy
from
  azure_lighthouse_definition,
  jsonb_array_elements(eligible_authorizations) as a;
select
  name,
  json_extract(a.value, '$.principalId') as principal_id,
  json_extract(a.value, '$.roleDefinitionId') as role_definition_id,
  json_extract(a.value, '$.principalIdDisplayName') as principal_id_display_name,
  json_extract(a.value, '$.justInTimeAccessPolicy') as just_in_time_access_policy
from
  azure_lighthouse_definition,
  json_each(eligible_authorizations) as a;

List plan details for each Lighthouse definition

Get an overview of the plan details for the managed services associated with each Lighthouse definition. This can assist in understanding the service plans and ensuring they align with your management requirements.

select
  name,
  plan ->> 'name' as plan_name,
  plan ->> 'product' as plan_product,
  plan ->> 'publisher' as plan_publisher,
  plan ->> 'version' as plan_version
from
  azure_lighthouse_definition;
select
  name,
  json_extract(plan, '$.name') as plan_name,
  json_extract(plan, '$.product') as plan_product,
  json_extract(plan, '$.publisher') as plan_publisher,
  json_extract(plan, '$.version') as plan_version
from
  azure_lighthouse_definition;

Schema for azure_lighthouse_definition

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
akasjsonbArray of globally unique identifier strings (also known as) for the resource.
authorizationsjsonbAuthorization details containing principal ID and role ID.
descriptiontextDescription of the registration definition.
eligible_authorizationsjsonbThe collection of eligible authorization objects describing the just-in-time access Azure Active Directory principals in the managedBy tenant will receive on the delegated resource in the managed tenant.
idtextFully qualified path of the registration definition.
managed_by_tenant_idtextID of the managedBy tenant.
managed_by_tenant_nametextThe name of the managedBy tenant.
managed_tenant_nametextThe name of the managed tenant.
nametextName of the registration definition.
planjsonbPlan details for the managed services.
registration_definition_idtext=The ID of the registration definition.
registration_definition_nametextName of the registration definition.
resource_grouptextThe resource group which holds this resource.
scopetext=The scope of the resource.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
titletextTitle of the resource.
typetextType of the resource.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azure

You can pass the configuration to the command with the --config argument:

steampipe_export_azure --config '<your_config>' azure_lighthouse_definition