standard
turbot/azure_compliance

Trigger: Detect & correct Storage Accounts not using private link

Detect Storage Accounts not using private link, i.e. accounts that have no private endpoint connection in the Approved state.

Query

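-- Lists storage accounts that have no private endpoint connection whose
-- privateLinkServiceConnectionState status is 'Approved'.
--
-- Scope of the check: only the private endpoint connection state is inspected.
-- An approved private endpoint does not by itself close the account's public
-- endpoint, and this query does not look at public network access or firewall
-- settings. An account missing from the result can therefore still be reachable
-- from public networks; pair this detection with a check on those settings.
with storage_account_connection as (
  -- Accounts with at least one approved private endpoint connection.
  -- The status comparison is an exact, case-sensitive match, so a connection in
  -- any other state does not count as using private link.
  select
    a.id
  from
    azure_storage_account as a
    -- Explicit lateral join: one row per element of the connections array.
    -- Accounts whose array is NULL or empty produce no rows here and are
    -- reported by the outer query.
    cross join lateral jsonb_array_elements(a.private_endpoint_connections) as connection
  where
    connection -> 'properties' -> 'privateLinkServiceConnectionState' ->> 'status' = 'Approved'
)
select
  concat(a.id, ' [', a.subscription_id, '/', a.resource_group, ']') as title,
  a.id as id,
  a.name,
  a.resource_group,
  a.subscription_id,
  a._ctx ->> 'connection_name' as conn
from
  azure_storage_account as a
where
  -- NOT EXISTS instead of NOT IN: a NULL id in the subquery would make NOT IN
  -- return no rows at all, which would silently hide every non-compliant
  -- account. NOT EXISTS is also indifferent to duplicate ids, so the CTE needs
  -- no DISTINCT.
  not exists (
    select
      1
    from
      storage_account_connection as c
    where
      c.id = a.id
  );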

Schedule

15m

Tags

category = Compliance
plugin = azure
service = Azure/Storage