steampipe plugin install azure

Table: azure_subnet - Query Azure Subnets using SQL

Azure Subnets are subdivisions of Azure Virtual Networks, which provide a range of IP addresses that can be used by resources. They allow for the segmentation of networks within Azure, which can enhance security and traffic management. Subnets can be associated with Network Security Groups and Route Tables to further customize network traffic rules.

Table Usage Guide

The azure_subnet table provides insights into Azure Subnets within Azure Virtual Networks. As a network administrator, you can explore subnet-specific details through this table, including associated Network Security Groups, Route Tables, and IP configurations. Utilize it to manage and monitor your network segmentation, ensuring optimal security and traffic flow within your Azure environment.


Virtual network and IP address range of each subnet

Determine the areas in which your Azure virtual networks are deployed and gain insights into the IP address range of each subnet. This can help in managing network configurations and ensuring optimal resource allocation across different regions.


Route table associated with each subnet

Determine the areas in which subnets and their associated route tables exist in Azure. This information can be useful to understand the routing of network traffic within your Azure environment.

select subnet_name,
st.virtual_network_name, route_table_name,
jsonb_array_elements(rt.routes) -> 'properties' ->> 'addressPrefix' as route_address_prefix,
jsonb_array_elements(rt.routes) -> 'properties' ->> 'nextHopType' as route_next_hop_type
azure_route_table as rt
join azure_subnet st on = st.route_table_id;
select as subnet_name,
st.virtual_network_name, as route_table_name,
json_extract(route.value, '$.properties.addressPrefix') as route_address_prefix,
json_extract(route.value, '$.properties.nextHopType') as route_next_hop_type
azure_route_table as rt,
json_each(rt.routes) as route
join azure_subnet as st on = st.route_table_id;

Network security group associated with each subnet

Explore the association between each subnet and its network security group to understand how your Azure network's security is structured. This can help identify potential vulnerabilities or areas for improvement in your network's security configuration.

name subnet_name,
split_part(network_security_group_id, '/', 9) as network_security_name
Error: SQLite does not support split_part function.

Service endpoints info of each subnet

Analyze the settings to understand the service endpoints for each subnet within your Azure environment. This can be useful to identify which services are accessible in specific locations, helping to manage network security and connectivity.

endpoint -> 'locations' as location,
endpoint -> 'service' as service
cross join jsonb_array_elements(service_endpoints) as endpoint;
json_extract(endpoint.value, '$.locations') as location,
json_extract(endpoint.value, '$.service') as service
json_each(service_endpoints) as endpoint;

Schema for azure_subnet

_ctxjsonbSteampipe context in JSON form.
address_prefixtextContains the address prefix for the subnet.
akasjsonbArray of globally unique identifier strings (also known as) for the resource.
cloud_environmenttextThe Azure Cloud Environment.
delegationsjsonbA list of references to the delegations on the subnet.
etagtextAn unique read-only string that changes whenever the resource is updated.
idtextContains ID to identify a subnet uniquely.
ip_configurationsjsonbIP Configuration details in a subnet.
nametext=The friendly name that identifies the subnet.
nat_gateway_idtextThe ID of the Nat gateway associated with the subnet.
network_security_group_idtextNetwork security group associated with the subnet.
private_endpoint_network_policiestextEnable or Disable apply network policies on private end point in the subnet.
private_link_service_network_policiestextEnable or Disable apply network policies on private link service in the subnet.
provisioning_statetextThe provisioning state of the subnet resource.
resource_grouptext=The resource group which holds this resource.
route_table_idtextRoute table associated with the subnet.
service_endpoint_policiesjsonbA list of service endpoint policies.
service_endpointsjsonbA list of service endpoints.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
subscription_idtext=, !=, ~~, ~~*, !~~, !~~*The Azure Subscription ID in which the resource is located.
titletextTitle of the resource.
typetextType of the resource.
virtual_network_nametext=The friendly name of the virtual network in which the subnet is created.


This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the script:

/bin/sh -c "$(curl -fsSL" -- azure

You can pass the configuration to the command with the --config argument:

steampipe_export_azure --config '<your_config>' azure_subnet