standard
turbot/azure_compliance

Trigger: Detect & correct Key Vaults without a private link

Detect Key Vaults without a private link: vaults that have no private endpoint connections, or none in the Approved state.

Query

select
  -- Human-readable title: vault ID plus its subscription and resource group
  concat(
    vault.id,
    ' [',
    vault.subscription_id,
    '/',
    vault.resource_group,
    ']'
  ) as title,
  vault.id as id,
  vault.name,
  vault.resource_group,
  vault.subscription_id,
  vault._ctx ->> 'connection_name' as conn
from
  azure_key_vault as vault
where
  -- No private endpoint connections at all
  private_endpoint_connections is null
  -- Or connections exist, but none of them is in the Approved state
  or (
    not private_endpoint_connections @> '[{"PrivateLinkServiceConnectionStateStatus": "Approved"}]'
  );

Schedule

15m

Tags

category = Compliance
plugin = azure
service = Azure/KeyVault