Table: azure_compute_disks

This table shows data for Azure Compute Disks.

https://learn.microsoft.com/en-us/rest/api/compute/disks/list?tabs=HTTP#disk

The primary key for this table is id.

Columns

| Name | Type |
| --- | --- |
| _cq_id | uuid |
| _cq_parent_id | uuid |
| subscription_id | utf8 |
| location | utf8 |
| extended_location | json |
| properties | json |
| sku | json |
| tags | json |
| zones | list<item: utf8, nullable> |
| id (PK) | utf8 |
| managed_by | utf8 |
| managed_by_extended | list<item: utf8, nullable> |
| name | utf8 |
| type | utf8 |

Example Queries

These SQL queries are sampled from CloudQuery policies and are compatible with PostgreSQL.

Ensure that 'OS and Data' disks are encrypted with CMK (Automated)

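-- Policy check: every managed disk attached to a virtual machine must be
-- encrypted with a customer-managed key (CMK). One result row is written per
-- (VM, attached disk) pair; resource_id is the VM's id, not the disk's.
--
-- execution_time, framework and check_id are psql variables that the caller
-- must define before running this statement (for example with \set or -v).
-- As originally listed, the statement named those three target columns
-- without supplying values, which PostgreSQL rejects.
INSERT
INTO
  azure_policy_results
    (
      execution_time,
      framework,
      check_id,
      title,
      subscription_id,
      resource_id,
      status
    )
SELECT
  :'execution_time' AS execution_time,
  :'framework' AS framework,
  :'check_id' AS check_id,
  e'Ensure that \'OS and Data\' disks are encrypted with CMK (Automated)'
    AS title,
  v.subscription_id AS subscription_id,
  v.id AS resource_id,
  CASE
  -- Fail closed: a missing or NULL encryption type makes NOT LIKE evaluate to
  -- NULL, which previously fell through to 'pass'. Only an explicit
  -- customer-key encryption type passes now.
  WHEN coalesce(d.properties->'encryption'->>'type', '') LIKE '%CustomerKey%' THEN 'pass'
  ELSE 'fail'
  END
    AS status
FROM
  azure_compute_virtual_machines AS v
  -- The table exposes the attaching resource as the top-level managed_by
  -- column; the original join read only properties->>'managedBy'. Both are
  -- consulted so the join does not silently return no rows (and therefore no
  -- findings) when only one of them is populated.
  -- NOTE(review): confirm which field your plugin version fills.
  INNER JOIN azure_compute_disks AS d ON
      lower(v.id) = lower(coalesce(d.managed_by, d.properties->>'managedBy'));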

Ensure that 'Unattached disks' are encrypted with CMK (Automated)

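-- Policy check: every disk whose properties.diskState is 'Unattached' must be
-- encrypted with a customer-managed key (CMK). One result row is written per
-- unattached disk.
--
-- execution_time, framework and check_id are psql variables that the caller
-- must define before running this statement (for example with \set or -v).
-- As originally listed, the statement named those three target columns
-- without supplying values, which PostgreSQL rejects.
INSERT
INTO
  azure_policy_results
    (
      execution_time,
      framework,
      check_id,
      title,
      subscription_id,
      resource_id,
      status
    )
SELECT
  :'execution_time' AS execution_time,
  :'framework' AS framework,
  :'check_id' AS check_id,
  e'Ensure that \'Unattached disks\' are encrypted with CMK (Automated)'
    AS title,
  d.subscription_id AS subscription_id,
  d.id AS resource_id,
  CASE
  -- Fail closed: a missing or NULL encryption type makes NOT LIKE evaluate to
  -- NULL, which previously fell through to 'pass'. Only an explicit
  -- customer-key encryption type passes now.
  WHEN coalesce(d.properties->'encryption'->>'type', '') LIKE '%CustomerKey%' THEN 'pass'
  ELSE 'fail'
  END
    AS status
FROM
  azure_compute_disks AS d
WHERE
  d.properties->>'diskState' = 'Unattached';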

Ensure that VHD's are encrypted (Manual)

-- Manual check: for every row in azure_compute_disks, report whether
-- properties.encryptionSettingsCollection.enabled is true.
-- A missing or NULL flag counts as not enabled and is reported as 'fail'.
-- Unlike the automated checks, this statement only selects; it writes nothing.
SELECT
  e'Ensure that VHD\'s are encrypted (Manual)' AS title,
  d.subscription_id AS subscription_id,
  d.id AS resource_id,
  CASE
  WHEN coalesce((d.properties->'encryptionSettingsCollection'->>'enabled')::BOOL, false)
  THEN 'pass'
  ELSE 'fail'
  END
    AS status
FROM
  azure_compute_disks AS d;