azure_ad_groupazure_ad_service_principalazure_ad_userazure_alert_managementazure_api_managementazure_api_management_backendazure_app_configurationazure_app_service_environmentazure_app_service_function_appazure_app_service_planazure_app_service_web_appazure_app_service_web_app_slotazure_application_gatewayazure_application_insightazure_application_security_groupazure_automation_accountazure_automation_variableazure_backup_policyazure_bastion_hostazure_batch_accountazure_cdn_frontdoor_profileazure_cognitive_accountazure_compute_availability_setazure_compute_diskazure_compute_disk_accessazure_compute_disk_encryption_setazure_compute_disk_metric_read_opsazure_compute_disk_metric_read_ops_dailyazure_compute_disk_metric_read_ops_hourlyazure_compute_disk_metric_write_opsazure_compute_disk_metric_write_ops_dailyazure_compute_disk_metric_write_ops_hourlyazure_compute_imageazure_compute_resource_skuazure_compute_snapshotazure_compute_ssh_keyazure_compute_virtual_machineazure_compute_virtual_machine_metric_available_memoryazure_compute_virtual_machine_metric_available_memory_dailyazure_compute_virtual_machine_metric_available_memory_hourlyazure_compute_virtual_machine_metric_cpu_utilizationazure_compute_virtual_machine_metric_cpu_utilization_dailyazure_compute_virtual_machine_metric_cpu_utilization_hourlyazure_compute_virtual_machine_scale_setazure_compute_virtual_machine_scale_set_network_interfaceazure_compute_virtual_machine_scale_set_vmazure_consumption_usageazure_container_groupazure_container_registryazure_cosmosdb_accountazure_cosmosdb_mongo_collectionazure_cosmosdb_mongo_databaseazure_cosmosdb_restorable_database_accountazure_cosmosdb_sql_databaseazure_data_factoryazure_data_factory_datasetazure_data_factory_pipelineazure_data_lake_analytics_accountazure_data_lake_storeazure_data_protection_backup_jobazure_data_protection_backup_vaultazure_databox_edge_deviceazure_databricks_workspaceazure_diagnostic_settingazure_dns_zoneazure_eventgrid_domainazure_eventgrid_topicazure_eventhub_namespaceazure_express_route_circuitazure_firewallazure_firewall_policyazure_frontdoorazure_hdinsight_clusterazure_healthcare_serviceazure_hpc_cacheazure_hybrid_compute_machineazure_hybrid_kubernetes_connected_clusterazure_iothubazure_iothub_dpsazure_key_vaultazure_key_vault_certificateazure_key_vault_deleted_vaultazure_key_vault_keyazure_key_vault_key_versionazure_key_vault_managed_hardware_security_moduleazure_key_vault_secretazure_kubernetes_clusterazure_kubernetes_service_versionazure_kusto_clusterazure_lbazure_lb_backend_address_poolazure_lb_nat_ruleazure_lb_outbound_ruleazure_lb_probeazure_lb_ruleazure_lighthouse_assignmentazure_lighthouse_definitionazure_locationazure_log_alertazure_log_analytics_workspaceazure_log_profileazure_logic_app_workflowazure_machine_learning_workspaceazure_maintenance_configurationazure_management_groupazure_management_lockazure_mariadb_serverazure_monitor_activity_log_eventazure_monitor_log_profileazure_mssql_elasticpoolazure_mssql_managed_instanceazure_mssql_virtual_machineazure_mysql_flexible_serverazure_mysql_serverazure_nat_gatewayazure_network_interfaceazure_network_security_groupazure_network_watcherazure_network_watcher_flow_logazure_policy_assignmentazure_policy_definitionazure_postgresql_flexible_serverazure_postgresql_serverazure_private_dns_zoneazure_private_endpointazure_providerazure_public_ipazure_recovery_services_backup_jobazure_recovery_services_vaultazure_redis_cacheazure_resourceazure_resource_groupazure_resource_linkazure_role_assignmentazure_role_definitionazure_route_tableazure_search_serviceazure_security_center_auto_provisioningazure_security_center_automationazure_security_center_contactazure_security_center_jit_network_access_policyazure_security_center_settingazure_security_center_sub_assessmentazure_security_center_subscription_pricingazure_service_fabric_clusterazure_servicebus_namespaceazure_signalr_serviceazure_spring_cloud_serviceazure_sql_databaseazure_sql_serverazure_storage_accountazure_storage_blobazure_storage_blob_serviceazure_storage_containerazure_storage_queueazure_storage_share_fileazure_storage_syncazure_storage_tableazure_storage_table_serviceazure_stream_analytics_jobazure_subnetazure_subscriptionazure_synapse_workspaceazure_tenantazure_virtual_networkazure_virtual_network_gatewayazure_web_application_firewall_policy
Table: azure_subnet - Query Azure Subnets using SQL
Azure Subnets are subdivisions of Azure Virtual Networks, which provide a range of IP addresses that can be used by resources. They allow for the segmentation of networks within Azure, which can enhance security and traffic management. Subnets can be associated with Network Security Groups and Route Tables to further customize network traffic rules.
Table Usage Guide
The azure_subnet table provides insights into Azure Subnets within Azure Virtual Networks. As a network administrator, you can explore subnet-specific details through this table, including associated Network Security Groups, Route Tables, and IP configurations. Utilize it to manage and monitor your network segmentation, ensuring optimal security and traffic flow within your Azure environment.
Examples
Virtual network and IP address range of each subnet
Determine the areas in which your Azure virtual networks are deployed and gain insights into the IP address range of each subnet. This can help in managing network configurations and ensuring optimal resource allocation across different regions.
select name, virtual_network_name, address_prefix, resource_groupfrom azure_subnet;select name, virtual_network_name, address_prefix, resource_groupfrom azure_subnet;Route table associated with each subnet
Determine the areas in which subnets and their associated route tables exist in Azure. This information can be useful to understand the routing of network traffic within your Azure environment.
select st.name subnet_name, st.virtual_network_name, rt.name route_table_name, jsonb_array_elements(rt.routes) -> 'properties' ->> 'addressPrefix' as route_address_prefix, jsonb_array_elements(rt.routes) -> 'properties' ->> 'nextHopType' as route_next_hop_typefrom azure_route_table as rt join azure_subnet st on rt.id = st.route_table_id;select st.name as subnet_name, st.virtual_network_name, rt.name as route_table_name, json_extract(route.value, '$.properties.addressPrefix') as route_address_prefix, json_extract(route.value, '$.properties.nextHopType') as route_next_hop_typefrom azure_route_table as rt, json_each(rt.routes) as route join azure_subnet as st on rt.id = st.route_table_id;Network security group associated with each subnet
Explore the association between each subnet and its network security group to understand how your Azure network's security is structured. This can help identify potential vulnerabilities or areas for improvement in your network's security configuration.
select name subnet_name, virtual_network_name, split_part(network_security_group_id, '/', 9) as network_security_namefrom azure_subnet;Error: SQLite does not support split_part function.Service endpoints info of each subnet
Analyze the settings to understand the service endpoints for each subnet within your Azure environment. This can be useful to identify which services are accessible in specific locations, helping to manage network security and connectivity.
select name, endpoint -> 'locations' as location, endpoint -> 'service' as servicefrom azure_subnet cross join jsonb_array_elements(service_endpoints) as endpoint;select name, json_extract(endpoint.value, '$.locations') as location, json_extract(endpoint.value, '$.service') as servicefrom azure_subnet, json_each(service_endpoints) as endpoint;Query examples
- network_security_group_assoc
- network_security_group_egress_rule_sankey
- network_security_group_ingress_rule_sankey
- network_subnet_address_prefix
- network_subnet_num_ips
- network_subnets_for_app_service_web
- network_subnets_for_compute_virtual_machine
- network_subnets_for_compute_virtual_machine_scale_set
- network_subnets_for_compute_virtual_machine_scale_set_vm
- network_subnets_for_key_vault
- network_subnets_for_network_firewall
- network_subnets_for_network_interface
- network_subnets_for_network_security_group
- network_subnets_for_network_virtual_network
- network_virtual_networks_for_compute_virtual_machine
- network_virtual_networks_for_key_vault
- network_virtual_networks_for_network_firewall
- network_virtual_networks_for_network_interface
Control examples
Schema for azure_subnet
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form. | |
| address_prefix | text | Contains the address prefix for the subnet. | |
| akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. | |
| cloud_environment | text | The Azure Cloud Environment. | |
| delegations | jsonb | A list of references to the delegations on the subnet. | |
| etag | text | An unique read-only string that changes whenever the resource is updated. | |
| id | text | Contains ID to identify a subnet uniquely. | |
| ip_configurations | jsonb | IP Configuration details in a subnet. | |
| name | text | = | The friendly name that identifies the subnet. |
| nat_gateway_id | text | The ID of the Nat gateway associated with the subnet. | |
| network_security_group_id | text | Network security group associated with the subnet. | |
| private_endpoint_network_policies | text | Enable or Disable apply network policies on private end point in the subnet. | |
| private_link_service_network_policies | text | Enable or Disable apply network policies on private link service in the subnet. | |
| provisioning_state | text | The provisioning state of the subnet resource. | |
| resource_group | text | = | The resource group which holds this resource. |
| route_table_id | text | Route table associated with the subnet. | |
| service_endpoint_policies | jsonb | A list of service endpoint policies. | |
| service_endpoints | jsonb | A list of service endpoints. | |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | Steampipe context in JSON form. | |
| subscription_id | text | =, !=, ~~, ~~*, !~~, !~~* | The Azure Subscription ID in which the resource is located. |
| title | text | Title of the resource. | |
| type | text | Type of the resource. | |
| virtual_network_name | text | = | The friendly name of the virtual network in which the subnet is created. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azureYou can pass the configuration to the command with the --config argument:
steampipe_export_azure --config '<your_config>' azure_subnet