steampipe plugin install azure

Table: azure_private_endpoint - Query Azure Private Endpoints using SQL

A Private Endpoint in Azure is a network interface that connects privately and securely to a service powered by Azure Private Link. This enables access to Azure services and resources over a private IP address in a virtual network (VNet), which helps to secure network traffic.

Table Usage Guide

The azure_private_endpoint table provides insights into Private Endpoints within Azure. As an Infrastructure Engineer, explore detailed information about each private endpoint through this table, including its IP configurations, associated network interfaces, and connection details. Use this table to manage and optimize your private endpoint configurations, ensuring secure and efficient communication between your Azure resources.

Examples

Basic private endpoint information

Explore the configuration of your Azure private endpoint to gain insights into your private IP address details and associated network interfaces. This can help you understand your endpoint configurations and manage your network resources effectively.

Postgres:

select
  name,
  ip ->> 'name' as config_name,
  ip -> 'PrivateEndpointIPConfigurationProperties' ->> 'PrivateIPAddress' as private_ip_address,
  ip -> 'PrivateEndpointIPConfigurationProperties' as private_ip_configuration,
  ip -> 'properties' ->> 'Name' as private_ip_name,
  ip -> 'properties' ->> 'Type' as private_ip_type
from
  azure_private_endpoint
  cross join jsonb_array_elements(ip_configurations) as ip;

SQLite:

select
  name,
  json_extract(ip.value, '$.name') as config_name,
  json_extract(
    ip.value,
    '$.PrivateEndpointIPConfigurationProperties.PrivateIPAddress'
  ) as private_ip_address,
  json_extract(
    ip.value,
    '$.PrivateEndpointIPConfigurationProperties'
  ) as private_ip_configuration,
  json_extract(ip.value, '$.Type') as private_ip_type
from
  azure_private_endpoint,
  json_each(ip_configurations) as ip;

Find all private endpoints in a specific subnet

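List the private endpoints whose private IP address falls within a specific subnet. This is useful for understanding how your network resources are distributed and identifying potential areas of congestion or security vulnerabilities. The filter is a string prefix match on the private IP address, so it lines up with a subnet only when the subnet sits on an octet boundary (here 10.66.0.0/24).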

Postgres:

select
  name,
  ip ->> 'name' as config_name,
  ip -> 'PrivateEndpointIPConfigurationProperties' ->> 'PrivateIPAddress' as private_ip_address
from
  azure_private_endpoint
  cross join jsonb_array_elements(ip_configurations) as ip
where
  ip -> 'PrivateEndpointIPConfigurationProperties' ->> 'PrivateIPAddress' like '10.66.0.%';

SQLite:

select
  name,
  json_extract(ip.value, '$.name') as config_name,
  json_extract(
    ip.value,
    '$.PrivateEndpointIPConfigurationProperties.PrivateIPAddress'
  ) as private_ip_address
from
  azure_private_endpoint,
  json_each(ip_configurations) as ip
where
  json_extract(
    ip.value,
    '$.PrivateEndpointIPConfigurationProperties.PrivateIPAddress'
  ) like '10.66.0.%';

Application security groups attached to each private endpoint

Explore which application security groups are linked to each private endpoint in your Azure environment. This can help in managing and improving the security posture of your network.

Postgres:

select
  name,
  jsonb_array_elements(application_security_groups) ->> 'id' as security_group_id
from
  azure_private_endpoint;

SQLite:

select
  name,
  json_extract(security_group.value, '$.id') as security_group_id
from
  azure_private_endpoint,
  json_each(application_security_groups) as security_group;
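
Added example (not part of the Steampipe documentation), Postgres only: the LIKE filter in the subnet query above cannot express a range such as a /23, so this query casts the address to inet for true CIDR containment and also reports how many application security groups each matching endpoint carries. It uses only the columns and JSON keys shown on this page; the range 10.66.0.0/23 is a constructed sample value.

```sql
-- Added example: CIDR-accurate subnet filter plus ASG coverage per endpoint.
-- 10.66.0.0/23 is a constructed sample range; replace it with your own.
select
  pe.name,
  pe.resource_group,
  pe.subnet,
  -- nullif guards the inet cast against empty strings
  nullif(
    ip -> 'PrivateEndpointIPConfigurationProperties' ->> 'PrivateIPAddress',
    ''
  )::inet as private_ip_address,
  -- jsonb_array_length raises an error on non-arrays, so check the type first
  case
    when jsonb_typeof(pe.application_security_groups) = 'array'
      then jsonb_array_length(pe.application_security_groups)
    else 0
  end as asg_count
from
  azure_private_endpoint as pe
  cross join jsonb_array_elements(pe.ip_configurations) as ip
where
  -- <<= means "is contained within or equals" for inet values
  nullif(
    ip -> 'PrivateEndpointIPConfigurationProperties' ->> 'PrivateIPAddress',
    ''
  )::inet <<= inet '10.66.0.0/23'
order by
  asg_count,
  private_ip_address;
```

Rows with asg_count = 0 sort first: these are endpoints in the range that are not members of any application security group.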

Custom DNS configurations

List the custom DNS configurations associated with each private endpoint.

Postgres:

select
  name,
  jsonb_array_elements(custom_dns_configs) ->> 'Fqdn' as fqdn,
  jsonb_array_elements(custom_dns_configs) ->> 'IPAddresses' as ip_addresses
from
  azure_private_endpoint;

SQLite:

select
  name,
  json_extract(dns_config.value, '$.Fqdn') as fqdn,
  json_extract(dns_config.value, '$.IPAddresses') as ip_addresses
from
  azure_private_endpoint,
  json_each(custom_dns_configs) as dns_config;

Extended location information

Retrieve the extended location information for each private endpoint.

Postgres:

select
  name,
  extended_location ->> 'name' as extended_location_name,
  extended_location ->> 'type' as extended_location_type
from
  azure_private_endpoint;

SQLite:

select
  name,
  json_extract(extended_location, '$.name') as extended_location_name,
  json_extract(extended_location, '$.type') as extended_location_type
from
  azure_private_endpoint;

Schema for azure_private_endpoint

| Name | Type | Operators | Description |
|------|------|-----------|-------------|
| _ctx | jsonb | | Steampipe context in JSON form. |
| akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
| application_security_groups | jsonb | | Application security groups in which the private endpoint IP configuration is included. |
| cloud_environment | text | | The Azure Cloud Environment. |
| custom_dns_configs | jsonb | | An array of custom DNS configurations. |
| custom_network_interface_name | text | | The custom name of the network interface attached to the private endpoint. |
| etag | text | | A unique read-only string that changes whenever the resource is updated. |
| extended_location | jsonb | | The extended location of the private endpoint. |
| id | text | | The ID of the private endpoint. |
| ip_configurations | jsonb | | A list of IP configurations of the private endpoint. |
| location | text | | The location of the private endpoint. |
| manual_private_link_service_connections | jsonb | | A grouping of information about the connection to the remote resource. Used when the network admin does not have access to approve connections to the remote resource. |
| name | text | `=` | The name of the private endpoint. |
| network_interfaces | jsonb | | An array of references to the network interfaces created for this private endpoint. |
| private_link_service_connections | jsonb | | A grouping of information about the connection to the remote resource. |
| provisioning_state | text | | The provisioning state of the private endpoint resource. |
| region | text | | The Azure region where the resource is located. |
| resource_group | text | `=` | The resource group in which the resource is located. |
| sp_connection_name | text | `=`, `!=`, `~~`, `~~*`, `!~~`, `!~~*` | Steampipe connection name. |
| sp_ctx | jsonb | | Steampipe context in JSON form. |
| subnet | text | | The ID of the subnet from which the private IP will be allocated. |
| subscription_id | text | `=`, `!=`, `~~`, `~~*`, `!~~`, `!~~*` | The Azure Subscription ID in which the resource is located. |
| tags | jsonb | | Tags associated with the resource. |
| title | text | | Title of the resource. |
| type | text | | The type of the private endpoint. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azure

You can pass the configuration to the command with the --config argument:

steampipe_export_azure --config '<your_config>' azure_private_endpoint