azure_ad_groupazure_ad_service_principalazure_ad_userazure_alert_managementazure_api_managementazure_api_management_backendazure_app_configurationazure_app_service_environmentazure_app_service_function_appazure_app_service_planazure_app_service_web_appazure_app_service_web_app_slotazure_application_gatewayazure_application_insightazure_application_security_groupazure_automation_accountazure_automation_variableazure_backup_policyazure_bastion_hostazure_batch_accountazure_cdn_frontdoor_profileazure_cognitive_accountazure_compute_availability_setazure_compute_diskazure_compute_disk_accessazure_compute_disk_encryption_setazure_compute_disk_metric_read_opsazure_compute_disk_metric_read_ops_dailyazure_compute_disk_metric_read_ops_hourlyazure_compute_disk_metric_write_opsazure_compute_disk_metric_write_ops_dailyazure_compute_disk_metric_write_ops_hourlyazure_compute_imageazure_compute_resource_skuazure_compute_snapshotazure_compute_ssh_keyazure_compute_virtual_machineazure_compute_virtual_machine_metric_available_memoryazure_compute_virtual_machine_metric_available_memory_dailyazure_compute_virtual_machine_metric_available_memory_hourlyazure_compute_virtual_machine_metric_cpu_utilizationazure_compute_virtual_machine_metric_cpu_utilization_dailyazure_compute_virtual_machine_metric_cpu_utilization_hourlyazure_compute_virtual_machine_scale_setazure_compute_virtual_machine_scale_set_network_interfaceazure_compute_virtual_machine_scale_set_vmazure_consumption_usageazure_container_groupazure_container_registryazure_cosmosdb_accountazure_cosmosdb_mongo_collectionazure_cosmosdb_mongo_databaseazure_cosmosdb_restorable_database_accountazure_cosmosdb_sql_databaseazure_data_factoryazure_data_factory_datasetazure_data_factory_pipelineazure_data_lake_analytics_accountazure_data_lake_storeazure_data_protection_backup_jobazure_data_protection_backup_vaultazure_databox_edge_deviceazure_databricks_workspaceazure_diagnostic_settingazure_dns_zoneazure_eventgrid_domainazure_eventgrid_topicazure_eventhub_namespaceazure_express_route_circuitazure_firewallazure_firewall_policyazure_frontdoorazure_hdinsight_clusterazure_healthcare_serviceazure_hpc_cacheazure_hybrid_compute_machineazure_hybrid_kubernetes_connected_clusterazure_iothubazure_iothub_dpsazure_key_vaultazure_key_vault_certificateazure_key_vault_deleted_vaultazure_key_vault_keyazure_key_vault_key_versionazure_key_vault_managed_hardware_security_moduleazure_key_vault_secretazure_kubernetes_clusterazure_kubernetes_service_versionazure_kusto_clusterazure_lbazure_lb_backend_address_poolazure_lb_nat_ruleazure_lb_outbound_ruleazure_lb_probeazure_lb_ruleazure_lighthouse_assignmentazure_lighthouse_definitionazure_locationazure_log_alertazure_log_analytics_workspaceazure_log_profileazure_logic_app_workflowazure_machine_learning_workspaceazure_maintenance_configurationazure_management_groupazure_management_lockazure_mariadb_serverazure_monitor_activity_log_eventazure_monitor_log_profileazure_mssql_elasticpoolazure_mssql_managed_instanceazure_mssql_virtual_machineazure_mysql_flexible_serverazure_mysql_serverazure_nat_gatewayazure_network_interfaceazure_network_security_groupazure_network_watcherazure_network_watcher_flow_logazure_policy_assignmentazure_policy_definitionazure_postgresql_flexible_serverazure_postgresql_serverazure_private_dns_zoneazure_private_endpointazure_providerazure_public_ipazure_recovery_services_backup_jobazure_recovery_services_vaultazure_redis_cacheazure_resourceazure_resource_groupazure_resource_linkazure_role_assignmentazure_role_definitionazure_route_tableazure_search_serviceazure_security_center_auto_provisioningazure_security_center_automationazure_security_center_contactazure_security_center_jit_network_access_policyazure_security_center_settingazure_security_center_sub_assessmentazure_security_center_subscription_pricingazure_service_fabric_clusterazure_servicebus_namespaceazure_signalr_serviceazure_spring_cloud_serviceazure_sql_databaseazure_sql_serverazure_storage_accountazure_storage_blobazure_storage_blob_serviceazure_storage_containerazure_storage_queueazure_storage_share_fileazure_storage_syncazure_storage_tableazure_storage_table_serviceazure_stream_analytics_jobazure_subnetazure_subscriptionazure_synapse_workspaceazure_tenantazure_virtual_networkazure_virtual_network_gatewayazure_web_application_firewall_policy
Table: azure_mysql_server - Query Azure MySQL Servers using SQL
Azure Database for MySQL is a managed service that you use to run, manage, and scale highly available MySQL databases in the cloud. This service offers built-in high availability, security at every level of the application stack, and scaling in seconds with Azure. Azure Database for MySQL integrates with popular open-source frameworks and languages, and it's built on the trusted foundation of MySQL community edition.
Table Usage Guide
The azure_mysql_server table provides insights into MySQL servers within Azure. As a database administrator, explore server-specific details through this table, including server version, storage capacity, and location. Utilize it to uncover information about servers, such as those with specific configurations, the status of each server, and the backup retention period.
Examples
Basic info
Explore the configuration of your Azure MySQL servers to understand their geographical locations and security settings, such as SSL enforcement and the minimal TLS version. This can help ensure your servers are optimally configured for both performance and security.
select name, id, location, ssl_enforcement, minimal_tls_versionfrom azure_mysql_server;select name, id, location, ssl_enforcement, minimal_tls_versionfrom azure_mysql_server;List servers with SSL enabled
Identify instances where servers have SSL enabled to ensure secure data transmission and safeguard against potential security risks.
select name, id, location, ssl_enforcementfrom azure_mysql_serverwhere ssl_enforcement = 'Enabled';select name, id, location, ssl_enforcementfrom azure_mysql_serverwhere ssl_enforcement = 'Enabled';List servers with public network access disabled
Explore which servers have enhanced security by having public network access disabled. This is useful for assessing potential vulnerabilities and ensuring that your servers are not exposed to unnecessary risks.
select name, id, public_network_accessfrom azure_mysql_serverwhere public_network_access = 'Disabled';select name, id, public_network_accessfrom azure_mysql_serverwhere public_network_access = 'Disabled';List servers with storage profile auto growth disabled
Identify instances where Azure MySQL servers have the storage profile auto growth feature disabled. This can be useful for optimizing storage management and preventing unexpected storage limitations.
select name, id, storage_auto_growfrom azure_mysql_serverwhere storage_auto_grow = 'Disabled';select name, id, storage_auto_growfrom azure_mysql_serverwhere storage_auto_grow = 'Disabled';List servers with 'backup_retention_days' greater than 90 days
Identify instances where your Azure MySQL servers are set to retain backups for more than 90 days. This can help in assessing your data retention strategy and ensuring compliance with your organization's data policies.
select name, id, backup_retention_daysfrom azure_mysql_serverwhere backup_retention_days > 90;select name, id, backup_retention_daysfrom azure_mysql_serverwhere backup_retention_days > 90;List servers with minimum TLS version lower than 1.2
Determine the areas in which your Azure MySQL servers may have security vulnerabilities by identifying those running with a minimum TLS version lower than 1.2. This can be used to enhance your server's security by upgrading to a higher TLS version.
select name, id, minimal_tls_versionfrom azure_mysql_serverwhere minimal_tls_version = 'TLS1_0' or minimal_tls_version = 'TLS1_1';select name, id, minimal_tls_versionfrom azure_mysql_serverwhere minimal_tls_version = 'TLS1_0' or minimal_tls_version = 'TLS1_1';List private endpoint connection details
Explore the details of private endpoint connections in your Azure MySQL server. This query is useful in identifying the status and actions required for each connection, which can help in managing and troubleshooting your private endpoint connections.
select name as server_name, id as server_id, connections ->> 'id' as connection_id, connections ->> 'privateEndpointPropertyId' as connection_private_endpoint_property_id, connections ->> 'privateLinkServiceConnectionStateActionsRequired' as connection_actions_required, connections ->> 'privateLinkServiceConnectionStateDescription' as connection_description, connections ->> 'privateLinkServiceConnectionStateStatus' as connection_status, connections ->> 'provisioningState' as connection_provisioning_statefrom azure_mysql_server, jsonb_array_elements(private_endpoint_connections) as connections;select name as server_name, s.id as server_id, json_extract(connections.value, '$.id') as connection_id, json_extract(connections.value, '$.privateEndpointPropertyId') as connection_private_endpoint_property_id, json_extract( connections.value, '$.privateLinkServiceConnectionStateActionsRequired' ) as connection_actions_required, json_extract( connections.value, '$.privateLinkServiceConnectionStateDescription' ) as connection_description, json_extract( connections.value, '$.privateLinkServiceConnectionStateStatus' ) as connection_status, json_extract(connections.value, '$.provisioningState') as connection_provisioning_statefrom azure_mysql_server as s, json_each(private_endpoint_connections) as connections;List server keys
Explore the creation and configuration details of server keys in Azure MySQL servers. This can be useful to manage and track key usage and ensure security compliance across servers.
select name as server_name, id as server_id, keys ->> 'creationDate' as keys_creation_date, keys ->> 'id' as keys_id, keys ->> 'kind' as keys_kind, keys ->> 'name' as keys_name, keys ->> 'serverKeyType' as keys_server_key_type, keys ->> 'type' as keys_type, keys ->> 'uri' as keys_urifrom azure_mysql_server, jsonb_array_elements(server_keys) as keys;select name as server_name, s.id as server_id, json_extract(keys.value, '$.creationDate') as keys_creation_date, json_extract(keys.value, '$.id') as keys_id, json_extract(keys.value, '$.kind') as keys_kind, json_extract(keys.value, '$.name') as keys_name, json_extract(keys.value, '$.serverKeyType') as keys_server_key_type, json_extract(keys.value, '$.type') as keys_type, json_extract(keys.value, '$.uri') as keys_urifrom azure_mysql_server as s, json_each(server_keys) as keys;List server configuration details
This query can be used to analyze and understand the configuration details of your servers on Azure MySQL. It's particularly useful when you need to assess the current settings of your servers for optimization or troubleshooting purposes.
Note: Server configurations is the same as Server parameters as shown in Azure MySQL server console
select name as server_name, id as server_id, configurations ->> 'Name' as configuration_name, configurations -> 'ConfigurationProperties' ->> 'value' as valuefrom azure_mysql_server, jsonb_array_elements(server_configurations) as configurations;select name as server_name, s.id as server_id, json_extract(configurations.value, '$.Name') as configuration_name, json_extract( json_extract(configurations.value, '$.ConfigurationProperties'), '$.value' ) as valuefrom azure_mysql_server as s, json_each(server_configurations) as configurations;Current state of audit_log_enabled parameter for the servers
This query is used to analyze the status of the audit log feature across various servers in Azure's MySQL service. It provides valuable insights into which servers have the audit log enabled, which is crucial for maintaining security and compliance within the system.
select name as server_name, id as server_id, configurations ->> 'Name' as configuration_name, configurations -> 'ConfigurationProperties' ->> 'value' as valuefrom azure_mysql_server, jsonb_array_elements(server_configurations) as configurationswhere configurations ->> 'Name' = 'audit_log_enabled';select name as server_name, s.id as server_id, json_extract(configurations.value, '$.Name') as configuration_name, json_extract( json_extract(configurations.value, '$.ConfigurationProperties'), '$.value' ) as valuefrom azure_mysql_server as s, json_each(server_configurations) as configurationswhere json_extract(configurations.value, '$.Name') = 'audit_log_enabled';List servers with slow_query_log parameter enabled
Determine the areas in which the slow query log parameter is enabled on Azure MySQL servers. This is useful for identifying potential performance issues and optimizing database operations.
select name as server_name, id as server_id, configurations ->> 'Name' as configuration_name, configurations -> 'ConfigurationProperties' ->> 'value' as valuefrom azure_mysql_server, jsonb_array_elements(server_configurations) as configurationswhere configurations -> 'ConfigurationProperties' ->> 'value' = 'ON' and configurations ->> 'Name' = 'slow_query_log';select name as server_name, s.id as server_id, json_extract(configurations.value, '$.Name') as configuration_name, json_extract( json_extract(configurations.value, '$.ConfigurationProperties'), '$.value' ) as valuefrom azure_mysql_server as s, json_each(server_configurations) as configurationswhere json_extract( json_extract(configurations.value, '$.ConfigurationProperties'), '$.value' ) = 'ON' and json_extract(configurations.value, '$.Name') = 'slow_query_log';List servers with log_output parameter set to file
This example helps identify Azure MySQL servers that have their log output parameter configured to file. This can be useful for administrators who want to ensure that their server logs are being written to a file for easier access and review.
select name as server_name, id as server_id, configurations ->> 'Name' as configuration_name, configurations -> 'ConfigurationProperties' ->> 'value' as valuefrom azure_mysql_server, jsonb_array_elements(server_configurations) as configurationswhere configurations -> 'ConfigurationProperties' ->> 'value' = 'FILE' and configurations ->> 'Name' = 'log_output';select name as server_name, s.id as server_id, json_extract(configurations.value, '$.Name') as configuration_name, json_extract( json_extract(configurations.value, '$.ConfigurationProperties'), '$.value' ) as valuefrom azure_mysql_server as s, json_each(server_configurations) as configurationswhere json_extract( json_extract(configurations.value, '$.ConfigurationProperties'), '$.value' ) = 'FILE' and json_extract(configurations.value, '$.Name') = 'log_output';Get VNET rules details of the server
Explore the configuration of your server to identify whether it is set to ignore missing Virtual Network Service Endpoints. This allows you to assess the security of your server by understanding its network connectivity settings.
select name as server_name, id as server_id, rules -> 'properties' ->> 'ignoreMissingVnetServiceEndpoint' as ignore_missing_vnet_service_endpoint, rules -> 'properties' ->> 'virtualNetworkSubnetId' as virtual_network_subnet_idfrom azure_mysql_server, jsonb_array_elements(vnet_rules) as rules;select name as server_name, s.id as server_id, json_extract( rules.value, '$.properties.ignoreMissingVnetServiceEndpoint' ) as ignore_missing_vnet_service_endpoint, json_extract( rules.value, '$.properties.virtualNetworkSubnetId' ) as virtual_network_subnet_idfrom azure_mysql_server as s, json_each(vnet_rules) as rules;Get the security alert policy for a particular server
Determine the security alert policy for a specific server within a given resource group. This is useful for assessing the security measures in place for that server.
select name, id, type, server_security_alert_policyfrom azure_mysql_serverwhere resource_group = 'demo' and name = 'server-test-for-pr';select name, id, type, server_security_alert_policyfrom azure_mysql_serverwhere resource_group = 'demo' and name = 'server-test-for-pr';Control examples
- All Controls > MySQL > Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server
- All Controls > MySQL > Ensure server parameter 'audit_log_enabled' is set to 'ON' for MySQL Database Server
- All Controls > MySQL > Ensure server parameter 'audit_log_events' has 'CONNECTION' set for MySQL Database Server
- CIS v1.3.0 > 4 Database Services > 4.3 PostgreSQL Database Server > 4.3.2 Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server
- CIS v1.4.0 > 4 Database Services > 4.4 MySQL Database > 4.4.1 Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server
- CIS v1.4.0 > 4 Database Services > 4.4 MySQL Database > 4.4.2 Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server
- CIS v1.5.0 > 4 Database Services > 4.4 MySQL Database > 4.4.1 Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server
- CIS v1.5.0 > 4 Database Services > 4.4 MySQL Database > 4.4.2 Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server
- CIS v1.5.0 > 4 Database Services > 4.4 MySQL Database > 4.4.3 Ensure server parameter 'audit_log_enabled' is set to 'ON' for MySQL Database Server
- CIS v1.5.0 > 4 Database Services > 4.4 MySQL Database > 4.4.4 Ensure server parameter 'audit_log_events' has 'CONNECTION' set for MySQL Database Server
- CIS v2.0.0 > 4 Database Services > 4.4 MySQL Database > 4.4.1 Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server
- CIS v2.0.0 > 4 Database Services > 4.4 MySQL Database > 4.4.2 Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server
- CIS v2.0.0 > 4 Database Services > 4.4 MySQL Database > 4.4.3 Ensure server parameter 'audit_log_enabled' is set to 'ON' for MySQL Database Server
- CIS v2.0.0 > 4 Database Services > 4.4 MySQL Database > 4.4.4 Ensure server parameter 'audit_log_events' has 'CONNECTION' set for MySQL Database Server
- CIS v2.1.0 > 4 Database Services > 4.4 MySQL Database > 4.4.1 Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server
- CIS v2.1.0 > 4 Database Services > 4.4 MySQL Database > 4.4.2 Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server
- CIS v2.1.0 > 4 Database Services > 4.4 MySQL Database > 4.4.3 Ensure server parameter 'audit_log_enabled' is set to 'ON' for MySQL Database Server
- CIS v2.1.0 > 4 Database Services > 4.4 MySQL Database > 4.4.4 Ensure server parameter 'audit_log_events' has 'CONNECTION' set for MySQL Database Server
- Enforce SSL connection should be enabled for MySQL database servers
- Geo-redundant backup should be enabled for Azure Database for MySQL
- Infrastructure encryption should be enabled for Azure Database for MySQL servers
- MySQL servers should use customer-managed keys to encrypt data at rest
- PostgreSQL servers should use customer-managed keys to encrypt data at rest
- Private endpoint should be enabled for MySQL servers
- Public network access should be disabled for MySQL servers
Schema for azure_mysql_server
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form. | |
| administrator_login | text | Specifies the username of the administrator for this server. | |
| akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. | |
| backup_retention_days | bigint | Backup retention days for the server. | |
| byok_enforcement | text | Status showing whether the server data encryption is enabled with customer-managed keys. | |
| cloud_environment | text | The Azure Cloud Environment. | |
| earliest_restore_date | timestamp with time zone | Specifies the earliest restore point creation time. | |
| fully_qualified_domain_name | text | The fully qualified domain name of the server. | |
| geo_redundant_backup | text | Indicates whether Geo-redundant is enabled, or not for server backup. | |
| id | text | Contains ID to identify a server uniquely. | |
| infrastructure_encryption | text | Status showing whether the server enabled infrastructure encryption. Possible values include: 'Enabled', 'Disabled'. | |
| location | text | The resource location. | |
| master_server_id | text | The master server id of a replica server. | |
| minimal_tls_version | text | Enforce a minimal Tls version for the server. Possible values include: 'TLS10', 'TLS11', 'TLS12', 'TLSEnforcementDisabled'. | |
| name | text | = | The friendly name that identifies the server. |
| private_endpoint_connections | jsonb | A list of private endpoint connections on a server. | |
| public_network_access | text | Indicates whether or not public network access is allowed for this server. Value is optional but if passed in, must be 'Enabled' or 'Disabled'. Possible values include: 'Enabled', 'Disabled'. | |
| region | text | The Azure region/location in which the resource is located. | |
| replica_capacity | bigint | The maximum number of replicas that a master server can have. | |
| replication_role | text | The replication role of the server. | |
| resource_group | text | = | The resource group which holds this resource. |
| server_configurations | jsonb | The server configurations(parameters) details of the server. | |
| server_keys | jsonb | The server keys of the server. | |
| server_security_alert_policy | jsonb | Security alert policy associated with the MySQL Server. | |
| sku_capacity | bigint | The scale up/out capacity, representing server's compute units. | |
| sku_family | text | The family of hardware. | |
| sku_name | text | The name of the sku. For example: 'B_Gen4_1', 'GP_Gen5_8'. | |
| sku_size | text | The size code, to be interpreted by resource as appropriate. | |
| sku_tier | text | The tier of the particular SKU. Possible values include: 'Basic', 'GeneralPurpose', 'MemoryOptimized'. | |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | Steampipe context in JSON form. | |
| ssl_enforcement | text | Enable ssl enforcement or not when connect to server. Possible values include: 'Enabled', 'Disabled'. | |
| state | text | The state of the server. | |
| storage_auto_grow | text | Indicates whether storage auto grow is enabled, or not. | |
| storage_mb | bigint | Indicates max storage allowed for a server. | |
| subscription_id | text | =, !=, ~~, ~~*, !~~, !~~* | The Azure Subscription ID in which the resource is located. |
| tags | jsonb | A map of tags for the resource. | |
| title | text | Title of the resource. | |
| type | text | The resource type of the server. | |
| user_visible_state | text | A state of a server that is visible to user. Possible values include: 'Ready', 'Dropping', 'Disabled', 'Inaccessible'. | |
| version | text | Specifies the version of the server. | |
| vnet_rules | jsonb | Rules represented by VNET. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azureYou can pass the configuration to the command with the --config argument:
steampipe_export_azure --config '<your_config>' azure_mysql_server