Pipeline: 6.5 Ensure that SKU Basic/Consumption is not used on artifacts that need to be monitored (Particularly for Production Workloads)
Description
The use of Basic or Free SKUs in Azure whilst cost effective have significant limitations in terms of what can be monitored and what support can be realized from Microsoft. Typically, these SKU’s do not have a service SLA and Microsoft may refuse to provide support for them. Consequently Basic/Free SKUs should never be used for production workloads.
Typically, production workloads need to be monitored and should have an SLA with Microsoft, using Basic SKUs for any deployed product will mean that that these capabilities do not exist.
The following resource types should use standard SKUs as a minimum.
- Public IP Addresses
- Network Load Balancers
- REDIS Cache
- SQL PaaS Databases
- VPN Gateways
Remediation
Each artifact has its own process for upgrading from basic to standard SKU's and this should be followed if required.
Default Value
Policy should enforce standard SKUs for the following artifacts:
- Public IP Addresses
- Network Load Balancers
- REDIS Cache
- SQL PaaS Databases
- VPN Gateways
Run the pipeline
To run this pipeline from your terminal:
flowpipe pipeline run azure_cis.pipeline.cis_v300_6_5
Use this pipeline
To call this pipeline from your pipeline, use a step:
step "pipeline" "step_name" { pipeline = azure_cis.pipeline.cis_v300_6_5 }
Params
Name | Type | Required | Description | Default |
---|---|---|---|---|
database | connection.steampipe | Yes | Database connection string. | connection.steampipe.default |
notifier | notifier | Yes | The name of the notifier to use for sending notification messages. | notifier.default |
notification_level | string | Yes | The verbosity level of notification messages to send. Valid options are 'verbose', 'info', 'error'. | info |
Outputs
This pipeline has no outputs.