Table: azure_policy_definition - Query Azure Policy Definitions using SQL
Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements. Azure Policy does this by running evaluations of your resources and scanning for those not compliant with the policies you have created.
Table Usage Guide
The azure_policy_definition table provides insights into policy definitions within Azure Policy. As a security analyst, explore policy-specific details through this table, including policy rules, effects, and associated metadata. Utilize it to uncover information about policies, such as those with specific effects, the relationships between policies, and the verification of policy rules.
Examples
Basic info
Explore the policies defined within your Azure environment to better understand their purpose and type. This can be beneficial to gain insights into your current security configurations and to identify areas for potential improvement.
select id, name, display_name, type, jsonb_pretty(policy_rule) as policy_rulefrom azure_policy_definition;select id, name, display_name, type, policy_rulefrom azure_policy_definition;Get the policy definition by display name
Determine the specifics of a policy definition based on its display name. This is particularly useful in scenarios where you need to understand the details of a policy without having to navigate through multiple layers of your Azure policy definitions.
select id, name, display_name, type, jsonb_pretty(policy_rule) as policy_rulefrom azure_policy_definitionwhere display_name = 'Private endpoint connections on Batch accounts should be enabled';select id, name, display_name, type, policy_rulefrom azure_policy_definitionwhere display_name = 'Private endpoint connections on Batch accounts should be enabled';Schema for azure_policy_definition
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. | |
| akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. | |
| cloud_environment | text | The Azure Cloud Environment. | |
| description | text | The policy definition description. | |
| display_name | text | The user-friendly display name of the policy definition. | |
| id | text | The ID of the policy definition. | |
| metadata | jsonb | The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. | |
| mode | text | The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. | |
| name | text | The name of the policy definition. | |
| parameters | jsonb | The parameter definitions for parameters used in the policy rule. The keys are the parameter names. | |
| policy_rule | jsonb | The policy rule. | |
| policy_type | text | The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. Possible values include: 'NotSpecified', 'BuiltIn', 'Custom', 'Static'. | |
| subscription_id | text | The Azure Subscription ID in which the resource is located. | |
| title | text | Title of the resource. | |
| type | text | The type of the resource (Microsoft.Authorization/policyDefinitions). |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azureYou can pass the configuration to the command with the --config argument:
steampipe_export_azure --config '<your_config>' azure_policy_definition