turbot/azure

steampipe plugin install azure

Table: azure_storage_account

An Azure storage account contains all of your Azure Storage data objects: blobs, files, queues, tables, and disks.

Examples

Basic info

select
  name,
  sku_name,
  sku_tier,
  primary_location,
  secondary_location
from
  azure_storage_account;

List storage accounts with versioning disabled

select
  name,
  blob_versioning_enabled
from
  azure_storage_account
where
  not blob_versioning_enabled;

List storage accounts with blob soft delete disabled

select
  name,
  blob_soft_delete_enabled,
  blob_soft_delete_retention_days
from
  azure_storage_account
where
  not blob_soft_delete_enabled;

List storage accounts that allow blob public access

select
  name,
  allow_blob_public_access
from
  azure_storage_account
where
  allow_blob_public_access;

List storage accounts with encryption in transit disabled

select
  name,
  enable_https_traffic_only
from
  azure_storage_account
where
  not enable_https_traffic_only;

List storage accounts that do not have a cannot-delete lock

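-- The join matches only locks whose scope is the storage account itself;
-- locks set on the resource group or subscription have a different scope
-- and are not matched here.
select
  sg.name,
  ml.scope,
  ml.lock_level,
  ml.notes
from
  azure_storage_account as sg
  left join azure_management_lock as ml on lower(sg.id) = lower(ml.scope)
where
  (
    (ml.lock_level is null)
    or (ml.lock_level = 'ReadOnly')
  );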

List storage accounts with queue logging enabled

select
  name,
  queue_logging_delete,
  queue_logging_read,
  queue_logging_write
from
  azure_storage_account
where
  queue_logging_delete
  and queue_logging_read
  and queue_logging_write;

List storage accounts without lifecycle

select
  name,
  lifecycle_management_policy -> 'properties' -> 'policy' -> 'rules' as lifecycle_rules
from
  azure_storage_account
where
  lifecycle_management_policy -> 'properties' -> 'policy' -> 'rules' is null;

List diagnostic settings details

select
  name,
  jsonb_pretty(diagnostic_settings) as diagnostic_settings
from
  azure_storage_account;

.inspect azure_storage_account

Azure Storage Account

| Name | Type | Description |
|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. |
| access_tier | text | The access tier used for billing. |
| akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. |
| allow_blob_public_access | boolean | Specifies whether allow or disallow public access to all blobs or containers in the storage account. |
| blob_change_feed_enabled | boolean | Specifies whether change feed event logging is enabled for the Blob service. |
| blob_container_soft_delete_enabled | boolean | Specifies whether DeleteRetentionPolicy is enabled. |
| blob_container_soft_delete_retention_days | bigint | Indicates the number of days that the deleted item should be retained. |
| blob_restore_policy_days | bigint | Specifies how long the blob can be restored. |
| blob_restore_policy_enabled | boolean | Specifies whether blob restore is enabled. |
| blob_service_logging | jsonb | Specifies the blob service properties for logging access. |
| blob_soft_delete_enabled | boolean | Specifies whether DeleteRetentionPolicy is enabled. |
| blob_soft_delete_retention_days | bigint | Indicates the number of days that the deleted item should be retained. |
| blob_versioning_enabled | boolean | Specifies whether versioning is enabled. |
| cloud_environment | text | The Azure Cloud Environment. |
| creation_time | timestamp with time zone | Creation date and time of the storage account. |
| diagnostic_settings | jsonb | A list of active diagnostic settings for the storage account. |
| enable_https_traffic_only | boolean | Allows https traffic only to storage service if sets to true. |
| encryption_key_source | text | Contains the encryption keySource (provider). |
| encryption_key_vault_properties_key_current_version_id | text | The object identifier of the current versioned Key Vault Key in use. |
| encryption_key_vault_properties_key_name | text | The name of KeyVault key. |
| encryption_key_vault_properties_key_vault_uri | text | The Uri of KeyVault. |
| encryption_key_vault_properties_key_version | text | The version of KeyVault key. |
| encryption_key_vault_properties_last_rotation_time | timestamp with time zone | Timestamp of last rotation of the Key Vault Key. |
| encryption_scope | jsonb | Encryption scope details for the storage account. |
| encryption_services | jsonb | A list of services which support encryption. |
| failover_in_progress | boolean | Specifies whether the failover is in progress. |
| file_soft_delete_enabled | boolean | Specifies whether DeleteRetentionPolicy is enabled. |
| file_soft_delete_retention_days | bigint | Indicates the number of days that the deleted item should be retained. |
| id | text | Contains ID to identify a storage account uniquely. |
| is_hns_enabled | boolean | Specifies whether account HierarchicalNamespace is enabled. |
| kind | text | The kind of the resource. |
| lifecycle_management_policy | jsonb | The managementpolicy associated with the specified storage account. |
| minimum_tls_version | text | Contains the minimum TLS version to be permitted on requests to storage. |
| name | text | The friendly name that identifies the storage account. |
| network_ip_rules | jsonb | A list of IP ACL rules. |
| network_rule_bypass | text | Specifies whether traffic is bypassed for Logging/Metrics/AzureServices. |
| network_rule_default_action | text | Specifies the default action of allow or deny when no other rules match. |
| primary_blob_endpoint | text | Contains the blob endpoint. |
| primary_dfs_endpoint | text | Contains the dfs endpoint. |
| primary_file_endpoint | text | Contains the file endpoint. |
| primary_location | text | Contains the location of the primary data center for the storage account. |
| primary_queue_endpoint | text | Contains the queue endpoint. |
| primary_table_endpoint | text | Contains the table endpoint. |
| primary_web_endpoint | text | Contains the web endpoint. |
| private_endpoint_connections | jsonb | A list of private endpoint connection associated with the specified storage account. |
| provisioning_state | text | The provisioning state of the virtual network resource. |
| queue_logging_delete | boolean | Specifies whether all delete requests should be logged. |
| queue_logging_read | boolean | Specifies whether all read requests should be logged. |
| queue_logging_retention_days | bigint | Indicates the number of days that metrics or logging data should be retained. |
| queue_logging_retention_enabled | boolean | Specifies whether a retention policy is enabled for the storage service. |
| queue_logging_version | text | The version of Storage Analytics to configure. |
| queue_logging_write | boolean | Specifies whether all write requests should be logged. |
| region | text | The Azure region/location in which the resource is located. |
| require_infrastructure_encryption | boolean | Specifies whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest. |
| resource_group | text | The resource group which holds this resource. |
| secondary_location | text | Contains the location of the geo-replicated secondary for the storage account. |
| sku_name | text | Contains sku name of the storage account. |
| sku_tier | text | Contains sku tier of the storage account. |
| subscription_id | text | The Azure Subscription ID in which the resource is located. |
| tags | jsonb | A map of tags for the resource. |
| title | text | Title of the resource. |
| type | text | Type of the resource. |
| virtual_network_rules | jsonb | A list of virtual network rules. |
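
The schema includes hardening-related columns that the example queries on this page do not cover, such as minimum_tls_version and network_rule_default_action. The following query is an added example, not part of the plugin's own documentation; it collects several of these checks into one findings list per account. The finding labels, the TLS 1.2 baseline and the treatment of a NULL minimum_tls_version as a finding are assumptions of this example.

```sql
-- Added example: one row per storage account that has at least one finding.
-- Column names come from the azure_storage_account schema on this page;
-- the finding labels and the TLS 1.2 baseline are assumptions of this example.
with checks as (
  select
    name,
    resource_group,
    subscription_id,
    array_remove(
      array[
        case when allow_blob_public_access
          then 'blob public access allowed' end,
        case when enable_https_traffic_only is not true
          then 'plain HTTP accepted' end,
        -- NULL is reported because no minimum version is recorded.
        case when minimum_tls_version is null
               or minimum_tls_version in ('TLS1_0', 'TLS1_1')
          then 'minimum TLS below 1.2' end,
        case when network_rule_default_action = 'Allow'
          then 'firewall default action is Allow' end,
        case when blob_soft_delete_enabled is not true
          then 'blob soft delete disabled' end,
        case when blob_versioning_enabled is not true
          then 'blob versioning disabled' end,
        -- "is not true" also catches NULL logging flags.
        case when (queue_logging_read
                   and queue_logging_write
                   and queue_logging_delete) is not true
          then 'queue logging incomplete' end
      ],
      null  -- drop the checks that passed
    ) as findings
  from
    azure_storage_account
)
select
  name,
  resource_group,
  subscription_id,
  findings
from
  checks
where
  cardinality(findings) > 0
order by
  cardinality(findings) desc,
  name;
```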