steampipe plugin install azure

Table: azure_management_lock - Query Azure Management Locks using SQL

Azure Management Lock is a feature within Microsoft Azure that helps prevent accidental deletion or modification of Azure resources. It allows administrators to apply a 'CanNotDelete' or 'ReadOnly' lock on a subscription, resource group, or resource to protect it from being inadvertently deleted or modified. These locks can be used across various Azure resources, including virtual machines, storage accounts, and more.

Table Usage Guide

The azure_management_lock table provides insights into Management Locks within Microsoft Azure. As an Azure administrator or a DevOps engineer, explore lock-specific details through this table, including their level (CanNotDelete or ReadOnly), scope, and associated resources. Utilize it to uncover information about locks, such as those applied on critical resources, to ensure their accidental deletion or modification is prevented.

Examples

List of resources where the management locks are applied

This example demonstrates how to identify resources that have management locks applied to them within the Azure environment. This could be useful for administrators who need to manage access controls or troubleshoot issues related to locked resources.

select
name,
split_part(id, '/', 8) as resource_type,
split_part(id, '/', 9) as resource_name
from
azure_management_lock;
Error: SQLite does not support split_part function.

Resources and lock levels

Uncover the details of specific Azure resources and their associated lock levels. This can help you assess what resources are locked at what level, aiding in security and access management.

select
name,
split_part(id, '/', 8) as resource_type,
split_part(id, '/', 9) as resource_name,
lock_level
from
azure_management_lock;
Error: SQLite does not support split
or string_to_array functions.

Schema for azure_management_lock

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
akasjsonbArray of globally unique identifier strings (also known as) for the resource.
cloud_environmenttextThe Azure Cloud Environment.
idtextContains ID to identify a lock uniquely.
lock_leveltextThe level of the lock.
nametext=The friendly name that identifies management lock.
notestextContains the notes about the lock.
ownersjsonbA list of owners of the lock.
resource_grouptext=The resource group which holds this resource.
scopetextContains the scope of the lock.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
subscription_idtext=, !=, ~~, ~~*, !~~, !~~*The Azure Subscription ID in which the resource is located.
titletextTitle of the resource.
typetextThe resource type of the lock.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azure

You can pass the configuration to the command with the --config argument:

steampipe_export_azure --config '<your_config>' azure_management_lock