standard
turbot/azure_compliance

Trigger: Detect & correct PostgreSQL servers allowing access to Azure services

Detect PostgreSQL servers that allow access from Azure services, then disable that access on each detected server.

Query

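-- Servers carrying the "allow access to Azure services" firewall setting.
-- Azure represents that setting as a firewall rule whose start and end
-- address are both 0.0.0.0. DISTINCT keeps a server from being reported
-- twice if more than one of its rules matches.
with postgres_db_with_allow_access_to_azure_services as (
  select distinct
    id
  from
    azure_postgresql_server
    cross join lateral jsonb_array_elements(firewall_rules) as r
  where
    r -> 'FirewallRuleProperties' ->> 'endIpAddress' = '0.0.0.0'
    and r -> 'FirewallRuleProperties' ->> 'startIpAddress' = '0.0.0.0'
)
-- One row per affected server; title, id, name, resource_group,
-- subscription_id and conn are the columns the correction pipeline consumes.
select
  concat(db.id, ' [', db.subscription_id, '/', db.resource_group, ']') as title,
  db.id as id,
  db.name,
  db.resource_group,
  db.subscription_id,
  db._ctx ->> 'connection_name' as conn
from
  azure_postgresql_server as db
  -- Correlate on the server id. Without this condition the query was a cross
  -- join that reported every server (and would have had the correction
  -- applied to every server) as soon as any single server had the rule.
  inner join postgres_db_with_allow_access_to_azure_services as a
    on a.id = db.id
  -- Restrict to servers whose subscription is known to the connection.
  inner join azure_subscription as sub
    on sub.subscription_id = db.subscription_id;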

Schedule

15m

Tags

category = Compliance
plugin = azure
service = Azure/PostgreSQL