From 89cfa986bd5d17aeea321695596b23c062e4d1fb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20H=C3=A9zser?= Date: Fri, 5 Apr 2024 17:45:14 +0200 Subject: [PATCH] agw-8 - add query (#414) Co-authored-by: Rodrigo Santos --- .../services/networking/application-gateway/_index.md | 2 +- .../application-gateway/code/agw-8/agw-8.kql | 10 +++++++++- .../application-gateway/code/agw-8/agw-8.kql.fix | 8 -------- 3 files changed, 10 insertions(+), 10 deletions(-) delete mode 100644 docs/content/services/networking/application-gateway/code/agw-8/agw-8.kql.fix diff --git a/docs/content/services/networking/application-gateway/_index.md b/docs/content/services/networking/application-gateway/_index.md index fbb9ccc0d..52ff2bad7 100644 --- a/docs/content/services/networking/application-gateway/_index.md +++ b/docs/content/services/networking/application-gateway/_index.md @@ -21,7 +21,7 @@ The presented resiliency recommendations in this guidance include Application Ga | [AGW-5 - Monitor and Log the configurations and traffic](#agw-5---monitor-and-log-the-configurations-and-traffic) | Monitoring | Medium | Preview | No | | [AGW-6 - Use Health Probes to detect backend availability](#agw-6---use-health-probes-to-detect-backend-availability) | Monitoring | Medium | Preview | Yes | | [AGW-7 - Deploy Application Gateway in a zone-redundant configuration](#agw-7---deploy-application-gateway-in-a-zone-redundant-configuration)| Availability | High | Preview | Yes | -| [AGW-8 - Plan for backend maintenance by using connection draining](#agw-8---plan-for-backend-maintenance-by-using-connection-draining) | Governance | Medium | Preview | No | +| [AGW-8 - Plan for backend maintenance by using connection draining](#agw-8---plan-for-backend-maintenance-by-using-connection-draining) | Governance | Medium | Preview | Yes | | [AGW-9 - Ensure Application Gateway Subnet is using a /24 subnet mask](#agw-9---ensure-application-gateway-subnet-is-using-a-24-subnet-mask) | Networking | High | Preview | Yes | {{< /table >}} diff --git a/docs/content/services/networking/application-gateway/code/agw-8/agw-8.kql b/docs/content/services/networking/application-gateway/code/agw-8/agw-8.kql index 614a7f9ca..df93f76a0 100644 --- a/docs/content/services/networking/application-gateway/code/agw-8/agw-8.kql +++ b/docs/content/services/networking/application-gateway/code/agw-8/agw-8.kql @@ -1 +1,9 @@ -// under-development +// Azure Resource Graph Query +// This query will check if connection draining is enabled +resources +| where type =~ "microsoft.network/applicationGateways" +| mv-expand backendHttpSettings = properties.backendHttpSettingsCollection +| extend connectionDrainingEnabled = backendHttpSettings.properties.connectionDraining.enabled +| where connectionDrainingEnabled != true +| extend backendPoolName = backendHttpSettings.name +| project recommendationId = "agw-8", name, id, tags, param1 = "connectionDraining: Disabled", param2 = strcat("backendSettingsName: ", backendPoolName) diff --git a/docs/content/services/networking/application-gateway/code/agw-8/agw-8.kql.fix b/docs/content/services/networking/application-gateway/code/agw-8/agw-8.kql.fix deleted file mode 100644 index 87dd09a57..000000000 --- a/docs/content/services/networking/application-gateway/code/agw-8/agw-8.kql.fix +++ /dev/null @@ -1,8 +0,0 @@ -// Azure Resource Graph Query -// This query will check if connection draining is enabled -Resources -| where type =~ "microsoft.network/applicationGateways" -| extend appGatewayResourceId = tostring(id) -| extend connectionDrainingEnabled = tostring(properties.backendAddressPoolSettings.connectionDraining.enabled) -| project recommendationId = "agw-8", name, id, param1 = "appGatewayResourceId", param2 ="connectionDrainingEnabled" -