turbot/azure

steampipe plugin install azuresteampipe plugin install azure
azure_ad_groupazure_ad_service_principalazure_ad_userazure_api_managementazure_app_service_environmentazure_app_service_function_appazure_app_service_planazure_app_service_web_appazure_application_security_groupazure_batch_accountazure_compute_availability_setazure_compute_diskazure_compute_disk_encryption_setazure_compute_disk_metric_read_opsazure_compute_disk_metric_read_ops_dailyazure_compute_disk_metric_read_ops_hourlyazure_compute_disk_metric_write_opsazure_compute_disk_metric_write_ops_dailyazure_compute_disk_metric_write_ops_hourlyazure_compute_imageazure_compute_resource_skuazure_compute_snapshotazure_compute_virtual_machineazure_compute_virtual_machine_metric_cpu_utilizationazure_compute_virtual_machine_metric_cpu_utilization_dailyazure_compute_virtual_machine_metric_cpu_utilization_hourlyazure_compute_virtual_machine_scale_setazure_container_registryazure_cosmosdb_accountazure_cosmosdb_mongo_databaseazure_cosmosdb_sql_databaseazure_data_factoryazure_data_factory_datasetazure_data_factory_pipelineazure_data_lake_analytics_accountazure_data_lake_storeazure_diagnostic_settingazure_eventhub_namespaceazure_express_route_circuitazure_firewallazure_iothubazure_key_vaultazure_key_vault_deleted_vaultazure_key_vault_keyazure_key_vault_managed_hardware_security_moduleazure_key_vault_secretazure_kubernetes_clusterazure_lbazure_lb_backend_address_poolazure_lb_nat_ruleazure_lb_outbound_ruleazure_lb_probeazure_lb_ruleazure_locationazure_log_alertazure_log_profileazure_logic_app_workflowazure_management_lockazure_mariadb_serverazure_mssql_elasticpoolazure_mssql_managed_instanceazure_mysql_serverazure_network_interfaceazure_network_security_groupazure_network_watcherazure_network_watcher_flow_logazure_policy_assignmentazure_policy_definitionazure_postgresql_serverazure_providerazure_public_ipazure_recovery_services_vaultazure_redis_cacheazure_resource_groupazure_resource_linkazure_role_assignmentazure_role_definitionazure_route_tableazure_search_serviceazure_security_center_auto_provisioningazure_security_center_contactazure_security_center_jit_network_access_policyazure_security_center_settingazure_security_center_subscription_pricingazure_servicebus_namespaceazure_sql_databaseazure_sql_serverazure_storage_accountazure_storage_blobazure_storage_blob_serviceazure_storage_containerazure_storage_queueazure_storage_tableazure_storage_table_serviceazure_stream_analytics_jobazure_subnetazure_subscriptionazure_tenantazure_virtual_networkazure_virtual_network_gateway

Table: azure_policy_assignment

Policy assignments are used by Azure Policy to define which resources are assigned which policies or initiatives in a subscription.

Examples

Basic info

select
id,
policy_definition_id,
name,
type
from
azure_policy_assignment;

Get SQL auditing and threat detection monitoring status for the subscription

select
id,
policy_definition_id,
display_name,
parameters -> 'sqlAuditingMonitoringEffect' -> 'value' as sqlAuditingMonitoringEffect
from
azure_policy_assignment;

Get SQL encryption monitoring status for the subscription

select
id,
policy_definition_id,
display_name,
parameters -> 'sqlEncryptionMonitoringEffect' -> 'value' as sqlEncryptionMonitoringEffect
from
azure_policy_assignment;

Query examples

.inspect azure_policy_assignment

Azure Policy Assignment

NameTypeDescription
akasjsonbArray of globally unique identifier strings (also known as) for the resource.
descriptiontextThis message will be part of response in case of policy violation.
display_nametextThe display name of the policy assignment.
enforcement_modetextThe policy assignment enforcement mode. Possible values are Default and DoNotEnforce.
idtextThe ID of the policy assignment.
identityjsonbThe managed identity associated with the policy assignment.
metadatajsonbThe policy assignment metadata.
nametextThe name of the policy assignment.
not_scopesjsonbThe policy's excluded scopes.
parametersjsonbThe parameter values for the assigned policy rule.
policy_definition_idtextThe ID of the policy definition or policy set definition being assigned.
scopetextThe scope for the policy assignment.
sku_nametextThe name of the policy sku.
sku_tiertextThe policy sku tier.
subscription_idtextThe Azure Subscription ID in which the resource is located.
titletextTitle of the resource.
typetextThe type of the policy assignment.