turbot/azure

steampipe plugin install azure

Table: azure_storage_account

An Azure storage account contains all of your Azure Storage data objects: blobs, files, queues, tables, and disks.

Examples

Basic info

select
  name,
  sku_name,
  sku_tier,
  primary_location,
  secondary_location
from
  azure_storage_account;

List storage accounts with versioning disabled

select
  name,
  blob_versioning_enabled
from
  azure_storage_account
where
  not blob_versioning_enabled;

List storage accounts with blob soft delete disabled

select
  name,
  blob_soft_delete_enabled,
  blob_soft_delete_retention_days
from
  azure_storage_account
where
  not blob_soft_delete_enabled;

List storage accounts that allow blob public access

select
  name,
  allow_blob_public_access
from
  azure_storage_account
where
  allow_blob_public_access;

List storage accounts with encryption in transit disabled

select
  name,
  enable_https_traffic_only
from
  azure_storage_account
where
  not enable_https_traffic_only;

List storage accounts that do not have a cannot-delete lock

select
  sg.name,
  ml.scope,
  ml.lock_level,
  ml.notes
from
  azure_storage_account as sg
  left join azure_management_lock as ml on lower(sg.id) = lower(ml.scope)
where
  (
    (ml.lock_level is null)
    or (ml.lock_level = 'ReadOnly')
  );
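
The join above emits one row per lock, so an account that holds both a ReadOnly and a CanNotDelete lock is still listed. The following variant is an added example, not part of the plugin documentation: it aggregates per account and keeps only accounts with no CanNotDelete lock scoped directly to them. The literal 'CanNotDelete' is the Azure lock level value and does not appear on this page.

```sql
-- Added example (not from the plugin documentation).
-- One row per storage account that has no CanNotDelete lock scoped directly
-- to it, together with the lock levels it does have.
-- Locks set on the parent resource group or subscription also apply to the
-- account but carry a different scope, so they are not matched here.
select
  sg.name,
  sg.resource_group,
  sg.subscription_id,
  count(ml.scope) as direct_lock_count,
  coalesce(string_agg(distinct ml.lock_level, ', '), 'none') as direct_lock_levels
from
  azure_storage_account as sg
  left join azure_management_lock as ml on lower(sg.id) = lower(ml.scope)
group by
  sg.id,
  sg.name,
  sg.resource_group,
  sg.subscription_id
having
  count(*) filter (where ml.lock_level = 'CanNotDelete') = 0
order by
  sg.name;
```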

List storage accounts with queue logging enabled

select
  name,
  queue_logging_delete,
  queue_logging_read,
  queue_logging_write
from
  azure_storage_account
where
  queue_logging_delete
  and queue_logging_read
  and queue_logging_write;
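
The single-setting checks above can be combined into one review query. This is an added example, not part of the plugin documentation; it uses only columns from this table, and the literals 'TLS1_0', 'TLS1_1' and 'Allow' are Azure API values assumed here rather than taken from this page.

```sql
-- Added example (not from the plugin documentation).
-- One row per storage account that fails at least one hardening check,
-- with the failed checks collected into a text array.
with checks as (
  select
    name,
    resource_group,
    region,
    array_remove(
      array[
        case when allow_blob_public_access then 'blob public access allowed' end,
        case when not enable_https_traffic_only then 'HTTP traffic allowed' end,
        -- Assumed enum strings for TLS versions older than 1.2.
        case when minimum_tls_version in ('TLS1_0', 'TLS1_1') then 'minimum TLS below 1.2' end,
        -- 'Allow' means requests are accepted when no network rule matches.
        case when network_rule_default_action = 'Allow' then 'network default action is Allow' end,
        case when not blob_soft_delete_enabled then 'blob soft delete disabled' end,
        case when not blob_versioning_enabled then 'blob versioning disabled' end
      ],
      null
    ) as findings
  from
    azure_storage_account
)
select
  name,
  resource_group,
  region,
  findings
from
  checks
where
  cardinality(findings) > 0
order by
  cardinality(findings) desc,
  name;
```

A column that is null for an account produces no finding, matching the behaviour of the `not <column>` predicates in the queries above.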

.inspect azure_storage_account

Azure Storage Account

| Name | Type | Description |
|---|---|---|
| access_tier | text | The access tier used for billing. |
| akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. |
| allow_blob_public_access | boolean | Specifies whether to allow or disallow public access to all blobs or containers in the storage account. |
| blob_change_feed_enabled | boolean | Specifies whether change feed event logging is enabled for the Blob service. |
| blob_container_soft_delete_enabled | boolean | Specifies whether DeleteRetentionPolicy is enabled. |
| blob_container_soft_delete_retention_days | bigint | Indicates the number of days that the deleted item should be retained. |
| blob_restore_policy_days | bigint | Specifies how long the blob can be restored. |
| blob_restore_policy_enabled | boolean | Specifies whether blob restore is enabled. |
| blob_service_logging | jsonb | Specifies the blob service properties for logging access. |
| blob_soft_delete_enabled | boolean | Specifies whether DeleteRetentionPolicy is enabled. |
| blob_soft_delete_retention_days | bigint | Indicates the number of days that the deleted item should be retained. |
| blob_versioning_enabled | boolean | Specifies whether versioning is enabled. |
| creation_time | timestamp without time zone | Creation date and time of the storage account. |
| enable_https_traffic_only | boolean | Allows https traffic only to storage service if set to true. |
| encryption_key_source | text | Contains the encryption keySource (provider). |
| encryption_key_vault_properties_key_current_version_id | text | The object identifier of the current versioned Key Vault Key in use. |
| encryption_key_vault_properties_key_name | text | The name of KeyVault key. |
| encryption_key_vault_properties_key_vault_uri | text | The Uri of KeyVault. |
| encryption_key_vault_properties_key_version | text | The version of KeyVault key. |
| encryption_key_vault_properties_last_rotation_time | timestamp without time zone | Timestamp of last rotation of the Key Vault Key. |
| encryption_services | jsonb | A list of services which support encryption. |
| failover_in_progress | boolean | Specifies whether the failover is in progress. |
| file_soft_delete_enabled | boolean | Specifies whether DeleteRetentionPolicy is enabled. |
| file_soft_delete_retention_days | bigint | Indicates the number of days that the deleted item should be retained. |
| id | text | Contains ID to identify a storage account uniquely. |
| is_hns_enabled | boolean | Specifies whether account HierarchicalNamespace is enabled. |
| kind | text | The kind of the resource. |
| minimum_tls_version | text | Contains the minimum TLS version to be permitted on requests to storage. |
| name | text | The friendly name that identifies the storage account. |
| network_ip_rules | jsonb | A list of IP ACL rules. |
| network_rule_bypass | text | Specifies whether traffic is bypassed for Logging/Metrics/AzureServices. |
| network_rule_default_action | text | Specifies the default action of allow or deny when no other rules match. |
| primary_blob_endpoint | text | Contains the blob endpoint. |
| primary_dfs_endpoint | text | Contains the dfs endpoint. |
| primary_file_endpoint | text | Contains the file endpoint. |
| primary_location | text | Contains the location of the primary data center for the storage account. |
| primary_queue_endpoint | text | Contains the queue endpoint. |
| primary_table_endpoint | text | Contains the table endpoint. |
| primary_web_endpoint | text | Contains the web endpoint. |
| private_endpoint_connections | jsonb | A list of private endpoint connections associated with the specified storage account. |
| provisioning_state | text | The provisioning state of the virtual network resource. |
| queue_logging_delete | boolean | Specifies whether all delete requests should be logged. |
| queue_logging_read | boolean | Specifies whether all read requests should be logged. |
| queue_logging_retention_days | bigint | Indicates the number of days that metrics or logging data should be retained. |
| queue_logging_retention_enabled | boolean | Specifies whether a retention policy is enabled for the storage service. |
| queue_logging_version | text | The version of Storage Analytics to configure. |
| queue_logging_write | boolean | Specifies whether all write requests should be logged. |
| region | text | The Azure region/location in which the resource is located. |
| require_infrastructure_encryption | boolean | Specifies whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest. |
| resource_group | text | The resource group which holds this resource. |
| secondary_location | text | Contains the location of the geo-replicated secondary for the storage account. |
| sku_name | text | Contains sku name of the storage account. |
| sku_tier | text | Contains sku tier of the storage account. |
| subscription_id | text | The Azure Subscription ID in which the resource is located. |
| tags | jsonb | A map of tags for the resource. |
| title | text | Title of the resource. |
| type | text | Type of the resource. |
| virtual_network_rules | jsonb | A list of virtual network rules. |