steampipe plugin install azure

Table: azure_storage_container - Query Azure Storage Containers using SQL

Azure Storage Containers are a part of Azure Blob Storage service. They are used to organize blobs in a similar way as a directory in a file system. Containers provide a grouping of a set of blobs, and all blobs must be in a container.

Table Usage Guide

The azure_storage_container table provides insights into Azure Storage Containers within Azure Blob Storage service. As a data engineer, explore container-specific details through this table, including metadata, public access level, and more. Utilize it to uncover information about containers, such as those with public access, the metadata associated with containers, and the verification of access policies.

Examples

Basic info

Explore which Azure storage containers are linked to your account. This can help in managing resources and identifying potential areas for optimization or restructuring.

select
name,
id,
type,
account_name
from
azure_storage_container;
select
name,
id,
type,
account_name
from
azure_storage_container;

List containers which are publicly accessible

Explore which Azure storage containers are set to public access, allowing you to identify potential security risks and rectify them to prevent unauthorized access to sensitive data.

select
name,
id,
type,
account_name,
public_access
from
azure_storage_container
where
public_access <> 'None';
select
name,
id,
type,
account_name,
public_access
from
azure_storage_container
where
public_access <> 'None';

Discover the segments that have legal hold enabled in their Azure storage containers. This is beneficial for understanding which areas have additional data preservation measures in place for legal or compliance reasons.

select
name,
id,
type,
account_name,
has_legal_hold
from
azure_storage_container
where
has_legal_hold;
select
name,
id,
type,
account_name,
has_legal_hold
from
azure_storage_container
where
has_legal_hold = 1;

List containers which are either leased or have a broken lease state

Determine the areas in which Azure storage containers are either currently leased or have a broken lease state. This is useful for managing resources and identifying potential issues with container leases.

select
name,
id,
type,
account_name,
lease_state
from
azure_storage_container
where
lease_state = 'Leased'
or lease_state = 'Broken';
select
name,
id,
type,
account_name,
lease_state
from
azure_storage_container
where
lease_state = 'Leased'
or lease_state = 'Broken';

List containers with infinite lease duration

Discover the segments that have an unlimited lease duration in Azure Storage, helping you identify potential areas for cost optimization and better resource management.

select
name,
id,
type,
account_name,
lease_duration
from
azure_storage_container
where
lease_duration = 'Infinite';
select
name,
id,
type,
account_name,
lease_duration
from
azure_storage_container
where
lease_duration = 'Infinite';

List containers with a remaining retention period of 7 days

Determine the areas in which Azure storage containers are nearing the end of their retention period. This is useful for proactive management of storage resources, allowing you to take timely action before the containers expire.

select
name,
id,
type,
account_name,
remaining_retention_days
from
azure_storage_container
where
remaining_retention_days = 7;
select
name,
id,
type,
account_name,
remaining_retention_days
from
azure_storage_container
where
remaining_retention_days = 7;

List containers ImmutabilityPolicy details

Analyze the settings to understand the immutability policies of your Azure storage containers. This can help you manage data retention and protect your data from being modified or deleted.

select
name,
account_name,
jsonb_pretty(immutability_policy) as immutability_policy
from
azure_storage_container;
select
name,
account_name,
immutability_policy
from
azure_storage_container;

Control examples

Schema for azure_storage_container

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
account_nametext=The friendly name that identifies the storage account.
akasjsonbArray of globally unique identifier strings (also known as) for the resource.
cloud_environmenttextThe Azure Cloud Environment.
default_encryption_scopetextDefault the container to use specified encryption scope for all writes.
deletedbooleanIndicates whether the blob container was deleted.
deleted_timetimestamp with time zoneSpecifies the time when the container was deleted.
deny_encryption_scope_overridebooleanIndicates whether block override of encryption scope from the container default, or not.
has_immutability_policybooleanThe hasImmutabilityPolicy public property is set to true by SRP if ImmutabilityPolicy has been created for this container. The hasImmutabilityPolicy public property is set to false by SRP if ImmutabilityPolicy has not been created for this container.
has_legal_holdbooleanThe hasLegalHold public property is set to true by SRP if there are at least one existing tag. The hasLegalHold public property is set to false by SRP if all existing legal hold tags are cleared out. There can be a maximum of 1000 blob containers with hasLegalHold=true for a given account.
idtextContains ID to identify a container uniquely.
immutability_policyjsonbThe ImmutabilityPolicy property of the container.
last_modified_timetimestamp with time zoneSpecifies the date and time the container was last modified.
lease_durationtextSpecifies whether the lease on a container is of infinite or fixed duration, only when the container is leased. Possible values are: 'Infinite', 'Fixed'.
lease_statetextSpecifies the lease state of the container.
lease_statustextSpecifies the lease status of the container.
legal_holdjsonbThe LegalHold property of the container.
metadatajsonbA name-value pair to associate with the container as metadata.
nametext=The friendly name that identifies the container.
public_accesstextSpecifies whether data in the container may be accessed publicly and the level of access.
remaining_retention_daysbigintRemaining retention days for soft deleted blob container.
resource_grouptext=The resource group which holds this resource.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
subscription_idtext=, !=, ~~, ~~*, !~~, !~~*The Azure Subscription ID in which the resource is located.
titletextTitle of the resource.
typetextSpecifies the type of the container.
versiontextThe version of the deleted blob container.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azure

You can pass the configuration to the command with the --config argument:

steampipe_export_azure --config '<your_config>' azure_storage_container