standard
turbot/azure_cis

Pipeline: 6.5 Ensure that SKU Basic/Consumption is not used on artifacts that need to be monitored (Particularly for Production Workloads)

Description

The use of Basic or Free SKUs in Azure whilst cost effective have significant limitations in terms of what can be monitored and what support can be realized from Microsoft. Typically, these SKU’s do not have a service SLA and Microsoft may refuse to provide support for them. Consequently Basic/Free SKUs should never be used for production workloads.

Typically, production workloads need to be monitored and should have an SLA with Microsoft, using Basic SKUs for any deployed product will mean that that these capabilities do not exist.

The following resource types should use standard SKUs as a minimum.

  • Public IP Addresses
  • Network Load Balancers
  • REDIS Cache
  • SQL PaaS Databases
  • VPN Gateways

Remediation

Each artifact has its own process for upgrading from basic to standard SKU's and this should be followed if required.

Default Value

Policy should enforce standard SKUs for the following artifacts:

  • Public IP Addresses
  • Network Load Balancers
  • REDIS Cache
  • SQL PaaS Databases
  • VPN Gateways

Run the pipeline

To run this pipeline from your terminal:

flowpipe pipeline run azure_cis.pipeline.cis_v300_6_5

Use this pipeline

To call this pipeline from your pipeline, use a step:

step "pipeline" "step_name" {
pipeline = azure_cis.pipeline.cis_v300_6_5
}

Params

NameTypeRequiredDescriptionDefault
database
connection.steampipe
YesDatabase connection string.connection.steampipe.default
notifier
notifier
YesThe name of the notifier to use for sending notification messages.notifier.default
notification_level
string
YesThe verbosity level of notification messages to send. Valid options are 'verbose', 'info', 'error'.info

Outputs

This pipeline has no outputs.

Tags

folder = CIS v3.0.0/6 Logging and Monitoring