Table: azure_virtual_network - Query Azure Virtual Networks using SQL
Azure Virtual Network is a fundamental building block for your private network in Azure. It enables many types of Azure resources, such as Azure Virtual Machines (VMs), to securely communicate with each other, the internet, and on-premises networks. An Azure virtual network is similar to a traditional network that you'd operate in your own data center, but it brings additional benefits of Azure's infrastructure such as scale, availability, and isolation.
Table Usage Guide
The azure_virtual_network table provides detailed information about each virtual network within an Azure subscription. As a network administrator or cloud architect, you can use this table to gather data about the subnets, IP address ranges, and connected devices within each virtual network. This information can be used to monitor network usage, plan for capacity, and ensure the network is correctly configured for your applications' requirements.
Examples
List of virtual networks where DDoS (Distributed Denial of Service) protection is not enabled
Discover the segments of your virtual networks that are potentially vulnerable to Distributed Denial of Service (DDoS) attacks, as they do not have DDoS protection enabled. This information can help prioritize areas for security enhancement and risk mitigation.
```sql
-- Postgres
select name, enable_ddos_protection, region, resource_group
from azure_virtual_network
where not enable_ddos_protection;
```

```sql
-- SQLite
select name, enable_ddos_protection, region, resource_group
from azure_virtual_network
where enable_ddos_protection is not 1;
```
CIDR list for each virtual network
Determine the areas in which your Azure virtual networks operate by identifying their respective address blocks. This can help in network planning and management by providing a clear view of the network's structure and usage.
```sql
-- Postgres
select name, jsonb_array_elements_text(address_prefixes) as address_block
from azure_virtual_network;
```

```sql
-- SQLite
select name, json_each.value as address_block
from azure_virtual_network, json_each(azure_virtual_network.address_prefixes);
```
List VPCs with public CIDR blocks
Identify virtual networks whose address space includes CIDR blocks outside the private ranges, allowing you to assess network accessibility and security risks. This is particularly useful in identifying potential exposure of your Azure virtual networks to the public internet.
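```sql
-- Postgres
-- Flag address prefixes that are not contained in an RFC 1918 private range.
-- <<= tests "is contained by or equals"; comparing with = would only exclude
-- prefixes that match a range exactly.
select name, cidr_block, region, resource_group
from azure_virtual_network
  cross join jsonb_array_elements_text(address_prefixes) as cidr_block
where not cidr_block :: cidr <<= '10.0.0.0/8'
  and not cidr_block :: cidr <<= '192.168.0.0/16'
  and not cidr_block :: cidr <<= '172.16.0.0/12';
```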
Error: SQLite does not support CIDR operations.
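Where the SQLite engine cannot evaluate CIDR containment, the same check can be done client-side on the query output. The following is an added example, not part of the Steampipe documentation: the function names are hypothetical, and it assumes rows shaped like the result of `select name, address_prefixes from azure_virtual_network` (the sample rows are constructed).

```python
import ipaddress
import json

# RFC 1918 private IPv4 ranges, the same three ranges the Postgres query checks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(prefix):
    """True only if the whole prefix lies inside one RFC 1918 range."""
    net = ipaddress.ip_network(prefix, strict=False)
    if net.version != 4:
        # subnet_of() raises TypeError across IP versions; IPv6 is never RFC 1918.
        return False
    return any(net.subnet_of(private) for private in RFC1918)


def public_prefixes(rows):
    """Return (vnet name, prefix) pairs for prefixes outside RFC 1918 space."""
    findings = []
    for row in rows:
        prefixes = row["address_prefixes"]
        if isinstance(prefixes, str):  # a jsonb column may arrive as JSON text
            prefixes = json.loads(prefixes)
        for prefix in prefixes or []:
            if not is_rfc1918(prefix):
                findings.append((row["name"], prefix))
    return findings


# Constructed sample rows (hypothetical virtual network names).
SAMPLE_ROWS = [
    {"name": "vnet-app", "address_prefixes": ["10.1.0.0/16", "172.20.0.0/24"]},
    # 10.0.0.0/7 is wider than 10.0.0.0/8, so it is only partly private.
    {"name": "vnet-legacy", "address_prefixes": '["10.0.0.0/7", "192.168.10.0/24"]'},
    {"name": "vnet-lab", "address_prefixes": ["203.0.113.0/24", "fd00:db8::/48"]},
]

if __name__ == "__main__":
    for name, prefix in public_prefixes(SAMPLE_ROWS):
        print(f"{name}: {prefix} is not inside RFC 1918 space")
```

IPv6 prefixes are always reported, because they fall outside the three IPv4 ranges; review them separately.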
Subnet details associated with the virtual network
List the subnets that belong to each virtual network. This query helps to analyze the configuration of these subnets, providing insights into their address prefixes, network policies, service endpoints, and route tables, which can be useful for network management and troubleshooting.
```sql
-- Postgres
select
  name,
  subnet ->> 'name' as subnet_name,
  subnet -> 'properties' ->> 'addressPrefix' as address_prefix,
  subnet -> 'properties' ->> 'privateEndpointNetworkPolicies' as private_endpoint_network_policies,
  subnet -> 'properties' ->> 'privateLinkServiceNetworkPolicies' as private_link_service_network_policies,
  subnet -> 'properties' ->> 'serviceEndpoints' as service_endpoints,
  split_part(subnet -> 'properties' ->> 'routeTable', '/', 9) as route_table
from azure_virtual_network
  cross join jsonb_array_elements(subnets) as subnet;
```
Error: SQLite does not support split_part function.
Query examples
- compute_virtual_machines_for_network_virtual_network
- network_application_gateways_for_network_virtual_network
- network_load_balancer_backend_address_pools_for_network_virtual_network
- network_load_balancers_for_network_virtual_network
- network_nat_gateways_for_network_virtual_network
- network_route_tables_for_network_virtual_network
- network_security_groups_for_network_virtual_network
- network_subnets_for_network_virtual_network
- network_virtual_networks_for_app_service_web
- network_virtual_networks_for_compute_virtual_machine
- network_virtual_networks_for_compute_virtual_machine_scale_set
- network_virtual_networks_for_compute_virtual_machine_scale_set_vm
- network_virtual_networks_for_key_vault
- network_virtual_networks_for_network_firewall
- network_virtual_networks_for_network_interface
- network_virtual_networks_for_network_load_balancer
- network_virtual_networks_for_network_security_group
- network_virtual_networks_for_sql_server
- sql_servers_for_network_virtual_network
- virtual_network_address_prefixes
- virtual_network_by_provisioning_state
- virtual_network_by_region
- virtual_network_by_subscription
- virtual_network_count
- virtual_network_ddos_protection
- virtual_network_ddos_protection_enabled
- virtual_network_egress_rule_sankey
- virtual_network_ingress_rule_sankey
- virtual_network_nsg
- virtual_network_num_ips
- virtual_network_peering_connection
- virtual_network_route_tables
- virtual_network_routes
- virtual_network_subnet_details
- virtual_network_subnets_count
- virtual_network_tags
Schema for azure_virtual_network
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
address_prefixes | jsonb | | A list of address blocks reserved for this virtual network in CIDR notation |
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
cloud_environment | text | | The Azure Cloud Environment. |
enable_ddos_protection | boolean | | Indicates if DDoS protection is enabled for all the protected resources in the virtual network |
enable_vm_protection | boolean | | Indicates if VM protection is enabled for all the subnets in the virtual network |
etag | text | | A unique read-only string that changes whenever the resource is updated |
id | text | | Contains ID to identify a virtual network uniquely |
name | text | = | The friendly name that identifies the virtual network |
network_peerings | jsonb | | A list of peerings in a Virtual Network |
provisioning_state | text | | The provisioning state of the virtual network resource |
region | text | | The Azure region/location in which the resource is located. |
resource_group | text | = | The resource group which holds this resource. |
resource_guid | text | | The resourceGuid property of the Virtual Network resource |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
subnets | jsonb | | A list of subnets in a Virtual Network |
subscription_id | text | =, !=, ~~, ~~*, !~~, !~~* | The Azure Subscription ID in which the resource is located. |
tags | jsonb | | A map of tags for the resource. |
title | text | | Title of the resource. |
type | text | | Type of the resource |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

```sh
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azure
```

You can pass the configuration to the command with the --config argument:

```sh
steampipe_export_azure --config '<your_config>' azure_virtual_network
```