Table: azure_storage_account - Query Azure Storage Accounts using SQL
Azure Storage Account is a service within Microsoft Azure that provides scalable and secure data storage. It offers services like Blob Storage, File Storage, Queue Storage, and Table Storage. Azure Storage Account supports both Standard and Premium storage account types, allowing users to store large amounts of unstructured and structured data.
Table Usage Guide
The `azure_storage_account` table provides insights into Storage Accounts within Microsoft Azure. As a Cloud Architect or DevOps engineer, explore account-specific details through this table, including the storage account type, creation date, access tier, and associated metadata. Utilize it to uncover information about storage accounts, such as their replication strategy, the network rules set, and the status of secure transfer.
Examples
Basic info
Explore the different tiers and locations of your Azure storage accounts. This can help you understand your storage distribution and make informed decisions about resource allocation.
Postgres:

```sql
select
  name,
  sku_name,
  sku_tier,
  primary_location,
  secondary_location
from
  azure_storage_account;
```

SQLite:

```sql
select
  name,
  sku_name,
  sku_tier,
  primary_location,
  secondary_location
from
  azure_storage_account;
```
List storage accounts with versioning disabled
Explore which Azure storage accounts have not enabled blob versioning. This is useful for identifying potential vulnerabilities in data backup and recovery systems.
Postgres:

```sql
select
  name,
  blob_versioning_enabled
from
  azure_storage_account
where
  not blob_versioning_enabled;
```

SQLite:

```sql
select
  name,
  blob_versioning_enabled
from
  azure_storage_account
where
  blob_versioning_enabled is not 1;
```
List storage accounts with blob soft delete disabled
Find storage accounts that have the blob soft delete feature disabled. These are potential risk points where data might be permanently lost if accidentally deleted.
Postgres:

```sql
select
  name,
  blob_soft_delete_enabled,
  blob_soft_delete_retention_days
from
  azure_storage_account
where
  not blob_soft_delete_enabled;
```

SQLite:

```sql
select
  name,
  blob_soft_delete_enabled,
  blob_soft_delete_retention_days
from
  azure_storage_account
where
  not blob_soft_delete_enabled;
```
List storage accounts that allow blob public access
Find Azure storage accounts that are configured to allow public access to blobs. This can be used to identify potential security risks and ensure appropriate access controls are in place.
Postgres:

```sql
select
  name,
  allow_blob_public_access
from
  azure_storage_account
where
  allow_blob_public_access;
```

SQLite:

```sql
select
  name,
  allow_blob_public_access
from
  azure_storage_account
where
  allow_blob_public_access;
```
List storage accounts with encryption in transit disabled
Find Azure storage accounts where data security may be compromised because encryption in transit is not enforced. This query is useful to identify potential vulnerabilities and enhance your security measures.
Postgres:

```sql
select
  name,
  enable_https_traffic_only
from
  azure_storage_account
where
  not enable_https_traffic_only;
```

SQLite:

```sql
select
  name,
  enable_https_traffic_only
from
  azure_storage_account
where
  enable_https_traffic_only = 0;
```
List storage accounts that do not have a cannot-delete lock
Find Azure storage accounts that lack a 'cannot-delete' lock, which could leave them vulnerable to unintentional deletion or modification. This query is useful for identifying and rectifying potential security risks within your storage management system.
Postgres:

```sql
select
  sg.name,
  ml.scope,
  ml.lock_level,
  ml.notes
from
  azure_storage_account as sg
  left join azure_management_lock as ml on lower(sg.id) = lower(ml.scope)
where
  (
    (ml.lock_level is null)
    or (ml.lock_level = 'ReadOnly')
  );
```

SQLite:

```sql
select
  sg.name,
  ml.scope,
  ml.lock_level,
  ml.notes
from
  azure_storage_account as sg
  left join azure_management_lock as ml on lower(sg.id) = lower(ml.scope)
where
  (
    (ml.lock_level is null)
    or (ml.lock_level = 'ReadOnly')
  );
```
List storage accounts with queue logging enabled
Find Azure storage accounts that have all types of queue logging (delete, read and write) enabled. This is useful to assess which storage accounts are actively tracking and recording all queue activities for auditing or troubleshooting purposes.
Postgres:

```sql
select
  name,
  queue_logging_delete,
  queue_logging_read,
  queue_logging_write
from
  azure_storage_account
where
  queue_logging_delete
  and queue_logging_read
  and queue_logging_write;
```

SQLite:

```sql
select
  name,
  queue_logging_delete,
  queue_logging_read,
  queue_logging_write
from
  azure_storage_account
where
  queue_logging_delete = 1
  and queue_logging_read = 1
  and queue_logging_write = 1;
```
List storage accounts without lifecycle
Determine the storage accounts that lack a lifecycle management policy. This is useful for identifying potential risks or inefficiencies related to data retention and storage management.
Postgres:

```sql
select
  name,
  lifecycle_management_policy -> 'properties' -> 'policy' -> 'rules' as lifecycle_rules
from
  azure_storage_account
where
  lifecycle_management_policy -> 'properties' -> 'policy' -> 'rules' is null;
```

SQLite:

```sql
select
  name,
  json_extract(
    lifecycle_management_policy,
    '$.properties.policy.rules'
  ) as lifecycle_rules
from
  azure_storage_account
where
  json_extract(
    lifecycle_management_policy,
    '$.properties.policy.rules'
  ) is null;
```
List diagnostic settings details
Explore the diagnostic settings of your Azure storage accounts to gain insights into their configurations. This is beneficial to ensure optimal settings are in use for efficient data storage and management.
Postgres:

```sql
select
  name,
  jsonb_pretty(diagnostic_settings) as diagnostic_settings
from
  azure_storage_account;
```

SQLite:

```sql
select
  name,
  diagnostic_settings
from
  azure_storage_account;
```
List storage accounts with replication but unavailable secondary
Find Azure storage accounts whose primary location is available but whose secondary location is not, specifically within the 'Standard_GRS' and 'Standard_RAGRS' SKU categories. This is useful for identifying potential risk areas in your storage infrastructure where data replication might not be functioning as expected.
Postgres:

```sql
select
  name,
  status_of_primary,
  status_of_secondary,
  sku_name
from
  azure_storage_account
where
  status_of_primary = 'available'
  and status_of_secondary != 'available'
  and sku_name in ('Standard_GRS', 'Standard_RAGRS');
```

SQLite:

```sql
select
  name,
  status_of_primary,
  status_of_secondary,
  sku_name
from
  azure_storage_account
where
  status_of_primary = 'available'
  and status_of_secondary != 'available'
  and sku_name in ('Standard_GRS', 'Standard_RAGRS');
```
Get table properties of storage accounts
Explore the properties of your storage accounts to gain insights into their configuration. This can help you understand and manage your access and retention policies, as well as monitor their usage metrics.
Postgres:

```sql
select
  name,
  table_properties -> 'Cors' as table_logging_cors,
  table_properties -> 'Logging' -> 'Read' as table_logging_read,
  table_properties -> 'Logging' -> 'Write' as table_logging_write,
  table_properties -> 'Logging' -> 'Delete' as table_logging_delete,
  table_properties -> 'Logging' ->> 'Version' as table_logging_version,
  table_properties -> 'Logging' -> 'RetentionPolicy' as table_logging_retention_policy,
  table_properties -> 'HourMetrics' -> 'Enabled' as table_hour_metrics_enabled,
  table_properties -> 'HourMetrics' -> 'IncludeAPIs' as table_hour_metrics_include_ap_is,
  table_properties -> 'HourMetrics' ->> 'Version' as table_hour_metrics_version,
  table_properties -> 'HourMetrics' -> 'RetentionPolicy' as table_hour_metrics_retention_policy,
  table_properties -> 'MinuteMetrics' -> 'Enabled' as table_minute_metrics_enabled,
  table_properties -> 'MinuteMetrics' -> 'IncludeAPIs' as table_minute_metrics_include_ap_is,
  table_properties -> 'MinuteMetrics' ->> 'Version' as table_minute_metrics_version,
  table_properties -> 'MinuteMetrics' -> 'RetentionPolicy' as table_minute_metrics_retention_policy
from
  azure_storage_account;
```

SQLite:

```sql
select
  name,
  json_extract(table_properties, '$.Cors') as table_logging_cors,
  json_extract(table_properties, '$.Logging.Read') as table_logging_read,
  json_extract(table_properties, '$.Logging.Write') as table_logging_write,
  json_extract(table_properties, '$.Logging.Delete') as table_logging_delete,
  json_extract(table_properties, '$.Logging.Version') as table_logging_version,
  json_extract(table_properties, '$.Logging.RetentionPolicy') as table_logging_retention_policy,
  json_extract(table_properties, '$.HourMetrics.Enabled') as table_hour_metrics_enabled,
  json_extract(table_properties, '$.HourMetrics.IncludeAPIs') as table_hour_metrics_include_ap_is,
  json_extract(table_properties, '$.HourMetrics.Version') as table_hour_metrics_version,
  json_extract(table_properties, '$.HourMetrics.RetentionPolicy') as table_hour_metrics_retention_policy,
  json_extract(table_properties, '$.MinuteMetrics.Enabled') as table_minute_metrics_enabled,
  json_extract(table_properties, '$.MinuteMetrics.IncludeAPIs') as table_minute_metrics_include_ap_is,
  json_extract(table_properties, '$.MinuteMetrics.Version') as table_minute_metrics_version,
  json_extract(
    table_properties,
    '$.MinuteMetrics.RetentionPolicy'
  ) as table_minute_metrics_retention_policy
from
  azure_storage_account;
```
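The single-setting checks earlier in this section can be rolled into one per-account report. The query below is an added example, not one of the Steampipe documentation's own queries; it uses Postgres syntax and columns from the schema on this page, and it tests booleans with `is not true` / `is not false` so that accounts where the API returned NULL are reported instead of silently dropped (a plain `where not <column>` filter skips NULL rows). The `'TLS1_0'` and `'TLS1_1'` literals are assumed to be the values Azure returns for `minimum_tls_version`; they are not listed on this page.

```sql
-- Added example: storage account hardening report, one row per account.
-- Each CASE yields a finding label or NULL; array_remove drops the NULLs,
-- leaving only the checks that failed for that account.
with checks as (
  select
    name,
    resource_group,
    subscription_id,
    array_remove(
      array[
        -- NULL is treated as "allowed": only an explicit false passes.
        case when allow_blob_public_access is not false
          then 'blob public access allowed' end,
        -- Only an explicit true passes; NULL or false is a finding.
        case when enable_https_traffic_only is not true
          then 'HTTPS-only traffic not enforced' end,
        case when blob_soft_delete_enabled is not true
          then 'blob soft delete disabled' end,
        case when blob_versioning_enabled is not true
          then 'blob versioning disabled' end,
        -- Case-insensitive compare; a NULL default action is also reported.
        case when lower(network_rule_default_action) is distinct from 'deny'
          then 'default network access rule is not deny' end,
        -- Assumed Azure values: 'TLS1_0', 'TLS1_1' (not listed on this page).
        case when minimum_tls_version is null
               or minimum_tls_version in ('TLS1_0', 'TLS1_1')
          then 'minimum TLS version below 1.2 or unset' end
      ],
      null
    ) as findings
  from
    azure_storage_account
)
select
  name,
  resource_group,
  subscription_id,
  cardinality(findings) as finding_count,
  findings
from
  checks
where
  cardinality(findings) > 0
order by
  finding_count desc,
  name;
```

Accounts that pass every check do not appear in the output; remove the final `where` clause to list them with an empty `findings` array.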
Query examples
- batch_accounts_for_storage_account
- key_vault_keys_for_storage_account
- key_vault_vaults_for_storage_account
- network_subnets_for_storage_account
- network_virtual_networks_for_storage_account
- storage_account_1_year_count
- storage_account_24_hours_count
- storage_account_30_90_days_count
- storage_account_30_days_count
- storage_account_90_365_days_count
- storage_account_access_tier
- storage_account_blob_configurations
- storage_account_blob_encryption_service
- storage_account_blob_logging
- storage_account_blob_public_access
- storage_account_blob_public_access_enabled_count
- storage_account_blob_soft_delete
- storage_account_blob_soft_delete_disabled_count
- storage_account_by_access_tier
- storage_account_by_region
- storage_account_count
- storage_account_file_encryption_service
- storage_account_https_traffic
- storage_account_https_traffic_disabled_count
- storage_account_infrastructure_encryption_disabled_count
- storage_account_kind
- storage_account_queue_logging
- storage_account_sku
- storage_account_tags
- storage_account_unrestricted_network_access_count
- storage_account_virtual_network_rules
- storage_storage_accounts_for_compute_disk
- storage_storage_accounts_for_key_vault_key
- storage_storage_accounts_for_network_subnet
- torage_account_by_subscription
Control examples
- All Controls > Monitor > Ensure the storage account containing the container with activity logs is encrypted with Customer Managed Key
- All Controls > Storage > Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access
- All Controls > Storage > Ensure soft delete is enabled for Azure Storage
- All Controls > Storage > Ensure Storage logging is enabled for Blob service for read, write, and delete requests
- All Controls > Storage > Ensure Storage logging is enabled for Queue service for read, write, and delete requests
- All Controls > Storage > Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' requests
- All Controls > Storage > Ensure that 'Public access level' is set to Private for blob containers
- All Controls > Storage > Ensure the 'Minimum TLS version' for storage accounts is set to 'Version 1.2'
- All Controls > Storage > Storage account containing VHD OS disk not encrypted with CMK
- All Controls > Storage > Storage account logging (Classic Diagnostic Setting) for blobs should be enabled
- All Controls > Storage > Storage account logging (Classic Diagnostic Setting) for queues should be enabled
- All Controls > Storage > Storage account logging (Classic Diagnostic Setting) for tables should be enabled
- CIS v1.3.0 > 3 Storage Accounts > 3.1 Ensure that 'Secure transfer required' is set to 'Enabled'
- CIS v1.3.0 > 3 Storage Accounts > 3.10 Ensure Storage logging is enabled for Blob service for read, write, and delete requests
- CIS v1.3.0 > 3 Storage Accounts > 3.3 Ensure Storage logging is enabled for Queue service for read, write, and delete requests
- CIS v1.3.0 > 3 Storage Accounts > 3.5 Ensure that 'Public access level' is set to Private for blob containers
- CIS v1.3.0 > 3 Storage Accounts > 3.6 Ensure default network access rule for Storage Accounts is set to deny
- CIS v1.3.0 > 3 Storage Accounts > 3.7 Ensure 'Trusted Microsoft Services' is enabled for Storage Account access
- CIS v1.3.0 > 3 Storage Accounts > 3.8 Ensure soft delete is enabled for Azure Storage
- CIS v1.3.0 > 3 Storage Accounts > 3.9 Ensure storage for critical data are encrypted with Customer Managed Key
- CIS v1.3.0 > 5 Logging and Monitoring > 5.1 Configuring Diagnostic Settings > 5.1.4 Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key)
- CIS v1.4.0 > 3 Storage Accounts > 3.1 Ensure that 'Secure transfer required' is set to 'Enabled'
- CIS v1.4.0 > 3 Storage Accounts > 3.10 Ensure Storage logging is enabled for Blob service for 'Read', 'Write', and 'Delete' requests
- CIS v1.4.0 > 3 Storage Accounts > 3.12 Ensure the 'Minimum TLS version' is set to 'Version 1.2'
- CIS v1.4.0 > 3 Storage Accounts > 3.3 Ensure Storage logging is enabled for Queue service for 'Read', 'Write', and 'Delete' requests
- CIS v1.4.0 > 3 Storage Accounts > 3.5 Ensure that 'Public access level' is set to Private for blob containers
- CIS v1.4.0 > 3 Storage Accounts > 3.6 Ensure default network access rule for Storage Accounts is set to deny
- CIS v1.4.0 > 3 Storage Accounts > 3.7 Ensure 'Trusted Microsoft Services' is enabled for Storage Account access
- CIS v1.4.0 > 3 Storage Accounts > 3.8 Ensure soft delete is enabled for Azure Storage
- CIS v1.4.0 > 3 Storage Accounts > 3.9 Ensure storage for critical data are encrypted with Customer Managed Key
- CIS v1.4.0 > 5 Logging and Monitoring > 5.1 Configuring Diagnostic Settings > 5.1.4 Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key)
- CIS v1.5.0 > 3 Storage Accounts > 3.1 Ensure that 'Secure transfer required' is set to 'Enabled'
- CIS v1.5.0 > 3 Storage Accounts > 3.10 Ensure Private Endpoints are used to access Storage Accounts
- CIS v1.5.0 > 3 Storage Accounts > 3.11 Ensure Soft Delete is Enabled for Azure Containers and Blob Storage
- CIS v1.5.0 > 3 Storage Accounts > 3.12 Ensure Storage for Critical Data are Encrypted with Customer Managed Keys
- CIS v1.5.0 > 3 Storage Accounts > 3.13 Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests
- CIS v1.5.0 > 3 Storage Accounts > 3.14 Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests
- CIS v1.5.0 > 3 Storage Accounts > 3.15 Ensure the 'Minimum TLS version' for storage accounts is set to 'Version 1.2'
- CIS v1.5.0 > 3 Storage Accounts > 3.2 Ensure that 'Enable Infrastructure Encryption' for Each Storage Account in Azure Storage is Set to ‘enabled’
- CIS v1.5.0 > 3 Storage Accounts > 3.5 Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' request
- CIS v1.5.0 > 3 Storage Accounts > 3.7 Ensure that 'Public access level' is disabled for storage accounts with blob containers
- CIS v1.5.0 > 3 Storage Accounts > 3.8 Ensure Default Network Access Rule for Storage Accounts is Set to Deny
- CIS v1.5.0 > 3 Storage Accounts > 3.9 Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access
- CIS v1.5.0 > 5 Logging and Monitoring > 5.1 Configuring Diagnostic Settings > 5.1.4 Ensure the storage account containing the container with activity logs is encrypted with Customer Managed Key
- CIS v2.0.0 > 3 Storage Accounts > 3.1 Ensure that 'Secure transfer required' is set to 'Enabled'
- CIS v2.0.0 > 3 Storage Accounts > 3.10 Ensure Private Endpoints are used to access Storage Accounts
- CIS v2.0.0 > 3 Storage Accounts > 3.11 Ensure Soft Delete is Enabled for Azure Containers and Blob Storage
- CIS v2.0.0 > 3 Storage Accounts > 3.12 Ensure Storage for Critical Data are Encrypted with Customer Managed Keys
- CIS v2.0.0 > 3 Storage Accounts > 3.13 Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests
- CIS v2.0.0 > 3 Storage Accounts > 3.14 Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests
- CIS v2.0.0 > 3 Storage Accounts > 3.15 Ensure the 'Minimum TLS version' for storage accounts is set to 'Version 1.2'
- CIS v2.0.0 > 3 Storage Accounts > 3.2 Ensure that 'Enable Infrastructure Encryption' for Each Storage Account in Azure Storage is Set to 'enabled'
- CIS v2.0.0 > 3 Storage Accounts > 3.5 Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests
- CIS v2.0.0 > 3 Storage Accounts > 3.7 Ensure that 'Public access level' is disabled for storage accounts with blob containers
- CIS v2.0.0 > 3 Storage Accounts > 3.8 Ensure Default Network Access Rule for Storage Accounts is Set to Deny
- CIS v2.0.0 > 3 Storage Accounts > 3.9 Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access
- CIS v2.0.0 > 5 Logging and Monitoring > 5.1 Configuring Diagnostic Settings > 5.1.4 Ensure the storage account containing the container with activity logs is encrypted with Customer Managed Key
- CIS v2.1.0 > 3 Storage Accounts > 3.1 Ensure that 'Secure transfer required' is set to 'Enabled'
- CIS v2.1.0 > 3 Storage Accounts > 3.10 Ensure Private Endpoints are used to access Storage Accounts
- CIS v2.1.0 > 3 Storage Accounts > 3.11 Ensure Soft Delete is Enabled for Azure Containers and Blob Storage
- CIS v2.1.0 > 3 Storage Accounts > 3.12 Ensure Storage for Critical Data are Encrypted with Customer Managed Keys
- CIS v2.1.0 > 3 Storage Accounts > 3.13 Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests
- CIS v2.1.0 > 3 Storage Accounts > 3.14 Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests
- CIS v2.1.0 > 3 Storage Accounts > 3.15 Ensure the 'Minimum TLS version' for storage accounts is set to 'Version 1.2'
- CIS v2.1.0 > 3 Storage Accounts > 3.17 Ensure that `Allow Blob Anonymous Access` is set to `Disabled`
- CIS v2.1.0 > 3 Storage Accounts > 3.2 Ensure that 'Enable Infrastructure Encryption' for Each Storage Account in Azure Storage is Set to 'enabled'
- CIS v2.1.0 > 3 Storage Accounts > 3.5 Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests
- CIS v2.1.0 > 3 Storage Accounts > 3.7 Ensure that 'Public Network Access' is `Disabled' for storage accounts
- CIS v2.1.0 > 3 Storage Accounts > 3.8 Ensure Default Network Access Rule for Storage Accounts is Set to Deny
- CIS v2.1.0 > 3 Storage Accounts > 3.9 Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access
- CIS v2.1.0 > 5 Logging and Monitoring > 5.1 Configuring Diagnostic Settings > 5.1.3 Ensure the storage account containing the container with activity logs is encrypted with Customer Managed Key
- CIS v3.0.0 > 4 Storage Accounts > 4.1 Ensure that 'Secure transfer required' is set to 'Enabled'
- CIS v3.0.0 > 4 Storage Accounts > 4.10 Ensure Soft Delete is Enabled for Azure Containers and Blob Storage
- CIS v3.0.0 > 4 Storage Accounts > 4.11 Ensure Storage for Critical Data are Encrypted with Customer Managed Keys
- CIS v3.0.0 > 4 Storage Accounts > 4.12 Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests
- CIS v3.0.0 > 4 Storage Accounts > 4.13 Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests
- CIS v3.0.0 > 4 Storage Accounts > 4.14 Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests
- CIS v3.0.0 > 4 Storage Accounts > 4.15 Ensure the 'Minimum TLS version' for storage accounts is set to 'Version 1.2'
- CIS v3.0.0 > 4 Storage Accounts > 4.17 Ensure that `Allow Blob Anonymous Access` is set to `Disabled`
- CIS v3.0.0 > 4 Storage Accounts > 4.2 Ensure that 'Enable Infrastructure Encryption' for Each Storage Account in Azure Storage is Set to 'enabled'
- CIS v3.0.0 > 4 Storage Accounts > 4.6 Ensure that 'Public Network Access' is `Disabled' for storage accounts
- CIS v3.0.0 > 4 Storage Accounts > 4.7 Ensure Default Network Access Rule for Storage Accounts is Set to Deny
- CIS v3.0.0 > 4 Storage Accounts > 4.8 Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access
- CIS v3.0.0 > 4 Storage Accounts > 4.9 Ensure Private Endpoints are used to access Storage Accounts
- CIS v3.0.0 > 6 Logging and Monitoring > 6.1 Configuring Diagnostic Settings > 6.1.3 Ensure the storage account containing the container with activity logs is encrypted with Customer Managed Key
- Ensure the storage account containing the container with activity logs is encrypted with Customer Managed Key
- Geo-redundant storage should be enabled for Storage Accounts
- Secure transfer to storage accounts should be enabled
- Storage account encryption scopes should use customer-managed keys to encrypt data at rest
- Storage account public access should be disallowed
- Storage accounts should be migrated to new Azure Resource Manager resources
- Storage accounts should have infrastructure encryption
- Storage accounts should restrict network access
- Storage accounts should restrict network access using virtual network rules
- Storage Accounts should use a virtual network service endpoint
- Storage accounts should use customer-managed key for encryption
- Storage accounts should use private link
Schema for azure_storage_account
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
access_keys | jsonb | | The list of access keys or Kerberos keys (if active directory enabled) for the specified storage account. |
access_tier | text | | The access tier used for billing. |
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
allow_blob_public_access | boolean | | Specifies whether to allow or disallow public access to all blobs or containers in the storage account. |
blob_change_feed_enabled | boolean | | Specifies whether change feed event logging is enabled for the Blob service. |
blob_container_soft_delete_enabled | boolean | | Specifies whether DeleteRetentionPolicy is enabled. |
blob_container_soft_delete_retention_days | bigint | | Indicates the number of days that the deleted item should be retained. |
blob_restore_policy_days | bigint | | Specifies how long the blob can be restored. |
blob_restore_policy_enabled | boolean | | Specifies whether blob restore is enabled. |
blob_service_logging | jsonb | | Specifies the blob service properties for logging access. |
blob_soft_delete_enabled | boolean | | Specifies whether DeleteRetentionPolicy is enabled. |
blob_soft_delete_retention_days | bigint | | Indicates the number of days that the deleted item should be retained. |
blob_versioning_enabled | boolean | | Specifies whether versioning is enabled. |
cloud_environment | text | | The Azure Cloud Environment. |
creation_time | timestamp with time zone | | Creation date and time of the storage account. |
diagnostic_settings | jsonb | | A list of active diagnostic settings for the storage account. |
enable_https_traffic_only | boolean | | Allows HTTPS traffic only to the storage service if set to true. |
encryption_key_source | text | | Contains the encryption keySource (provider). |
encryption_key_vault_properties_key_current_version_id | text | | The object identifier of the current versioned Key Vault Key in use. |
encryption_key_vault_properties_key_name | text | | The name of KeyVault key. |
encryption_key_vault_properties_key_vault_uri | text | | The URI of KeyVault. |
encryption_key_vault_properties_key_version | text | | The version of KeyVault key. |
encryption_key_vault_properties_last_rotation_time | timestamp with time zone | | Timestamp of last rotation of the Key Vault Key. |
encryption_scope | jsonb | | Encryption scope details for the storage account. |
encryption_services | jsonb | | A list of services which support encryption. |
failover_in_progress | boolean | | Specifies whether the failover is in progress. |
file_soft_delete_enabled | boolean | | Specifies whether DeleteRetentionPolicy is enabled. |
file_soft_delete_retention_days | bigint | | Indicates the number of days that the deleted item should be retained. |
id | text | | Contains ID to identify a storage account uniquely. |
is_hns_enabled | boolean | | Specifies whether account HierarchicalNamespace is enabled. |
kind | text | | The kind of the resource. |
lifecycle_management_policy | jsonb | | The management policy associated with the specified storage account. |
minimum_tls_version | text | | Contains the minimum TLS version to be permitted on requests to storage. |
name | text | = | The friendly name that identifies the storage account. |
network_ip_rules | jsonb | | A list of IP ACL rules. |
network_rule_bypass | text | | Specifies whether traffic is bypassed for Logging/Metrics/AzureServices. |
network_rule_default_action | text | | Specifies the default action of allow or deny when no other rules match. |
primary_blob_endpoint | text | | Contains the blob endpoint. |
primary_dfs_endpoint | text | | Contains the dfs endpoint. |
primary_file_endpoint | text | | Contains the file endpoint. |
primary_location | text | | Contains the location of the primary data center for the storage account. |
primary_queue_endpoint | text | | Contains the queue endpoint. |
primary_table_endpoint | text | | Contains the table endpoint. |
primary_web_endpoint | text | | Contains the web endpoint. |
private_endpoint_connections | jsonb | | A list of private endpoint connections associated with the specified storage account. |
provisioning_state | text | | The provisioning state of the storage account resource. |
public_network_access | text | | Allow or disallow public network access to Storage Account. Value is optional but if passed in, must be Enabled or Disabled. |
queue_logging_delete | boolean | | Specifies whether all delete requests should be logged. |
queue_logging_read | boolean | | Specifies whether all read requests should be logged. |
queue_logging_retention_days | bigint | | Indicates the number of days that metrics or logging data should be retained. |
queue_logging_retention_enabled | boolean | | Specifies whether a retention policy is enabled for the storage service. |
queue_logging_version | text | | The version of Storage Analytics to configure. |
queue_logging_write | boolean | | Specifies whether all write requests should be logged. |
region | text | | The Azure region/location in which the resource is located. |
require_infrastructure_encryption | boolean | | Specifies whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest. |
resource_group | text | = | The resource group which holds this resource. |
secondary_location | text | | Contains the location of the geo-replicated secondary for the storage account. |
sku_name | text | | Contains sku name of the storage account. |
sku_tier | text | | Contains sku tier of the storage account. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
status_of_primary | text | | The status indicating whether the primary location of the storage account is available or unavailable. Possible values include: 'available', 'unavailable'. |
status_of_secondary | text | | The status indicating whether the secondary location of the storage account is available or unavailable. Only available if the SKU name is Standard_GRS or Standard_RAGRS. Possible values include: 'available', 'unavailable'. |
subscription_id | text | =, !=, ~~, ~~*, !~~, !~~* | The Azure Subscription ID in which the resource is located. |
table_logging_delete | boolean | | Indicates whether all delete requests should be logged. |
table_logging_read | boolean | | Indicates whether all read requests should be logged. |
table_logging_retention_policy | jsonb | | The retention policy. |
table_logging_version | text | | The version of Analytics to configure. |
table_logging_write | boolean | | Indicates whether all write requests should be logged. |
table_properties | jsonb | | Azure Analytics Logging settings of tables. |
tags | jsonb | | A map of tags for the resource. |
title | text | | Title of the resource. |
type | text | | Type of the resource. |
virtual_network_rules | jsonb | | A list of virtual network rules. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the `steampipe_export_installer.sh` script:

```sh
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azure
```
You can pass the configuration to the command with the `--config` argument:

```sh
steampipe_export_azure --config '<your_config>' azure_storage_account
```