standard
turbot/azure_compliance

Trigger: Detect & correct Subscriptions with custom owner roles

Detect subscriptions with custom owner roles and then delete those custom subscription owner roles.

Query

select
  concat(id, ' [', subscription_id, '/', role_name, ']') as title,
  id as id,
  role_name as name,
  subscription_id,
  _ctx ->> 'connection_name' as conn
from
  azure_role_definition,
  jsonb_array_elements(permissions) as s,
  jsonb_array_elements_text(s -> 'actions') as action
where
  role_type = 'CustomRole'
  and action in ('*', '*:*');

Schedule

15m

Tags

category = Compliance
plugin = azure
service = Azure/IAM