azure_ad_groupazure_ad_service_principalazure_ad_userazure_alert_managementazure_api_managementazure_api_management_backendazure_app_configurationazure_app_service_environmentazure_app_service_function_appazure_app_service_planazure_app_service_web_appazure_app_service_web_app_slotazure_application_gatewayazure_application_insightazure_application_security_groupazure_automation_accountazure_automation_variableazure_backup_policyazure_bastion_hostazure_batch_accountazure_cdn_frontdoor_profileazure_cognitive_accountazure_compute_availability_setazure_compute_diskazure_compute_disk_accessazure_compute_disk_encryption_setazure_compute_disk_metric_read_opsazure_compute_disk_metric_read_ops_dailyazure_compute_disk_metric_read_ops_hourlyazure_compute_disk_metric_write_opsazure_compute_disk_metric_write_ops_dailyazure_compute_disk_metric_write_ops_hourlyazure_compute_imageazure_compute_resource_skuazure_compute_snapshotazure_compute_ssh_keyazure_compute_virtual_machineazure_compute_virtual_machine_metric_available_memoryazure_compute_virtual_machine_metric_available_memory_dailyazure_compute_virtual_machine_metric_available_memory_hourlyazure_compute_virtual_machine_metric_cpu_utilizationazure_compute_virtual_machine_metric_cpu_utilization_dailyazure_compute_virtual_machine_metric_cpu_utilization_hourlyazure_compute_virtual_machine_scale_setazure_compute_virtual_machine_scale_set_network_interfaceazure_compute_virtual_machine_scale_set_vmazure_consumption_usageazure_container_groupazure_container_registryazure_cosmosdb_accountazure_cosmosdb_mongo_collectionazure_cosmosdb_mongo_databaseazure_cosmosdb_restorable_database_accountazure_cosmosdb_sql_databaseazure_data_factoryazure_data_factory_datasetazure_data_factory_pipelineazure_data_lake_analytics_accountazure_data_lake_storeazure_data_protection_backup_jobazure_data_protection_backup_vaultazure_databox_edge_deviceazure_databricks_workspaceazure_diagnostic_settingazure_dns_zoneazure_eventgrid_domainazure_eventgrid_topicazure_eventhub_namespaceazure_express_route_circuitazure_firewallazure_firewall_policyazure_frontdoorazure_hdinsight_clusterazure_healthcare_serviceazure_hpc_cacheazure_hybrid_compute_machineazure_hybrid_kubernetes_connected_clusterazure_iothubazure_iothub_dpsazure_key_vaultazure_key_vault_certificateazure_key_vault_deleted_vaultazure_key_vault_keyazure_key_vault_key_versionazure_key_vault_managed_hardware_security_moduleazure_key_vault_secretazure_kubernetes_clusterazure_kubernetes_service_versionazure_kusto_clusterazure_lbazure_lb_backend_address_poolazure_lb_nat_ruleazure_lb_outbound_ruleazure_lb_probeazure_lb_ruleazure_lighthouse_assignmentazure_lighthouse_definitionazure_locationazure_log_alertazure_log_analytics_workspaceazure_log_profileazure_logic_app_workflowazure_machine_learning_workspaceazure_maintenance_configurationazure_management_groupazure_management_lockazure_mariadb_serverazure_monitor_activity_log_eventazure_monitor_log_profileazure_mssql_elasticpoolazure_mssql_managed_instanceazure_mssql_virtual_machineazure_mysql_flexible_serverazure_mysql_serverazure_nat_gatewayazure_network_interfaceazure_network_security_groupazure_network_watcherazure_network_watcher_flow_logazure_policy_assignmentazure_policy_definitionazure_postgresql_flexible_serverazure_postgresql_serverazure_private_dns_zoneazure_private_endpointazure_providerazure_public_ipazure_recovery_services_backup_jobazure_recovery_services_vaultazure_redis_cacheazure_resourceazure_resource_groupazure_resource_linkazure_role_assignmentazure_role_definitionazure_route_tableazure_search_serviceazure_security_center_auto_provisioningazure_security_center_automationazure_security_center_contactazure_security_center_jit_network_access_policyazure_security_center_settingazure_security_center_sub_assessmentazure_security_center_subscription_pricingazure_service_fabric_clusterazure_servicebus_namespaceazure_signalr_serviceazure_spring_cloud_serviceazure_sql_databaseazure_sql_serverazure_storage_accountazure_storage_blobazure_storage_blob_serviceazure_storage_containerazure_storage_queueazure_storage_share_fileazure_storage_syncazure_storage_tableazure_storage_table_serviceazure_stream_analytics_jobazure_subnetazure_subscriptionazure_synapse_workspaceazure_tenantazure_virtual_networkazure_virtual_network_gatewayazure_web_application_firewall_policy
Table: azure_synapse_workspace - Query Azure Synapse Workspaces using SQL
Azure Synapse Workspace is a feature within Microsoft Azure that integrates with big data and data warehouse technology for immediate insights. It offers a unified experience to ingest, prepare, manage, and serve data for immediate business intelligence and machine learning needs. Azure Synapse Workspace is designed to enable collaboration between data professionals and business decision-makers in a secure and compliant manner.
Table Usage Guide
The azure_synapse_workspace table provides insights into Azure Synapse Workspaces within Microsoft Azure. As a data analyst or data scientist, explore workspace-specific details through this table, including managed private endpoints, firewall settings, and associated metadata. Utilize it to uncover information about workspaces, such as those with private endpoint connections, the status of managed private endpoints, and the verification of firewall rules.
Examples
Basic info
Explore the status and type of your Synapse workspaces in Azure to understand their current operation and provisioning state. This can help in managing and optimizing your resources effectively.
select id, name, type, provisioning_statefrom azure_synapse_workspace;select id, name, type, provisioning_statefrom azure_synapse_workspace;List synapse workspaces with public network access enabled
Identify instances where Synapse workspaces in Azure have public network access enabled. This can be useful for security audits to ensure that sensitive data is not exposed to the public internet.
select id, name, type, provisioning_state, public_network_accessfrom azure_synapse_workspacewhere public_network_access = 'Enabled';select id, name, type, provisioning_state, public_network_accessfrom azure_synapse_workspacewhere public_network_access = 'Enabled';List synapse workspaces with user assigned identities
Discover the segments that utilize user-assigned identities within Synapse workspaces. This is beneficial for those wanting to understand which workspaces are configured with specific identity types, aiding in security and access management.
select id, name, identity -> 'type' as identity_typefrom azure_synapse_workspacewhere exists ( select from unnest(regexp_split_to_array(identity ->> 'type', ',')) elem where trim(elem) = 'UserAssigned' );select id, name, json_extract(identity, '$.type') as identity_typefrom azure_synapse_workspacewhere instr(json_extract(identity, '$.type'), 'UserAssigned') > 0;List private endpoint connection details for synapse workspaces
Explore the details of private endpoint connections for Synapse workspaces. This is beneficial for understanding the status, actions required, and provisioning state of these connections, which can aid in managing and troubleshooting your Azure Synapse Workspaces.
select name as workspace_name, id as workspace_id, connections ->> 'id' as connection_id, connections ->> 'privateEndpointPropertyId' as connection_private_endpoint_property_id, connections ->> 'privateLinkServiceConnectionStateActionsRequired' as connection_actions_required, connections ->> 'privateLinkServiceConnectionStateDescription' as connection_description, connections ->> 'privateLinkServiceConnectionStateStatus' as connection_status, connections ->> 'provisioningState' as connection_provisioning_statefrom azure_synapse_workspace, jsonb_array_elements(private_endpoint_connections) as connections;select name as workspace_name, w.id as workspace_id, json_extract(connections.value, '$.id') as connection_id, json_extract(connections.value, '$.privateEndpointPropertyId') as connection_private_endpoint_property_id, json_extract( connections.value, '$.privateLinkServiceConnectionStateActionsRequired' ) as connection_actions_required, json_extract( connections.value, '$.privateLinkServiceConnectionStateDescription' ) as connection_description, json_extract( connections.value, '$.privateLinkServiceConnectionStateStatus' ) as connection_status, json_extract(connections.value, '$.provisioningState') as connection_provisioning_statefrom azure_synapse_workspace as w, json_each(private_endpoint_connections) as connections;List encryption details for synapse workspaces
Explore encryption details for Synapse workspaces to understand the status and level of security measures in place. This can be particularly useful for security audits or for ensuring compliance with data protection regulations.
select name as workspace_name, id as workspace_id, encryption -> 'CmkKey' ->> 'keyVaultUrl' as cmk_key_vault_url, encryption -> 'CmkKey' ->> 'name' as cmk_key_name, encryption ->> 'CmkStatus' as cmk_status, encryption -> 'DoubleEncryptionEnabled' as double_encryption_enabledfrom azure_synapse_workspace;select name as workspace_name, id as workspace_id, json_extract(encryption, '$.CmkKey.keyVaultUrl') as cmk_key_vault_url, json_extract(encryption, '$.CmkKey.name') as cmk_key_name, json_extract(encryption, '$.CmkStatus') as cmk_status, json_extract(encryption, '$.DoubleEncryptionEnabled') as double_encryption_enabledfrom azure_synapse_workspace;Control examples
- All Controls > Synapse Analytics > Synapse workspaces should have data exfiltration protection enabled
- Azure Synapse workspaces should use customer-managed keys to encrypt data at rest
- Azure Synapse workspaces should use private link
- Vulnerability assessment should be enabled on your Synapse workspaces
Schema for azure_synapse_workspace
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form. | |
| adla_resource_id | text | The ADLA resource ID. | |
| akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. | |
| cloud_environment | text | The Azure Cloud Environment. | |
| connectivity_endpoints | jsonb | Connectivity endpoints of the resource. | |
| default_data_lake_storage | jsonb | Workspace default data lake storage account details. | |
| diagnostic_settings | jsonb | A list of active diagnostic settings for the resource. | |
| encryption | jsonb | The encryption details of the workspace. | |
| extra_properties | jsonb | Workspace level configs and feature flags. | |
| id | text | Fully qualified resource ID for the resource. | |
| identity | jsonb | The identity of the workspace. | |
| managed_resource_group_name | text | The managed resource group of the resource. | |
| managed_virtual_network | text | A managed virtual network for the workspace. | |
| managed_virtual_network_settings | jsonb | Managed virtual network settings of the workspace. | |
| name | text | = | The name of the resource. |
| private_endpoint_connections | jsonb | Private endpoint connections to the workspace. | |
| provisioning_state | text | The provisioning state of the resource. | |
| public_network_access | text | Pubic network access to workspace. | |
| purview_configuration | jsonb | Purview configuration of the workspace. | |
| region | text | The Azure region/location in which the resource is located. | |
| resource_group | text | = | The resource group which holds this resource. |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | Steampipe context in JSON form. | |
| sql_administrator_login | text | Login for workspace SQL active directory administrator. | |
| sql_administrator_login_password | text | The SQL administrator login password of the resource. | |
| subscription_id | text | =, !=, ~~, ~~*, !~~, !~~* | The Azure Subscription ID in which the resource is located. |
| tags | jsonb | A map of tags for the resource. | |
| title | text | Title of the resource. | |
| type | text | The type of the resource. | |
| virtual_network_profile | jsonb | Virtual network profile of the resource. | |
| workspace_managed_sql_server_vulnerability_assessments | jsonb | The vulnerability assessments details of the workspace. | |
| workspace_repository_configuration | jsonb | Git integration settings of the workspace. | |
| workspace_uid | jsonb | The unique identifier of the workspace. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azureYou can pass the configuration to the command with the --config argument:
steampipe_export_azure --config '<your_config>' azure_synapse_workspace