-
Notifications
You must be signed in to change notification settings - Fork 1.1k
/
HostingEnvironment_InternalLoadBalancingMode_Audit.json
66 lines (66 loc) · 2 KB
/
HostingEnvironment_InternalLoadBalancingMode_Audit.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
{
"properties": {
"displayName": "App Service Environment apps should not be reachable over public internet",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "To ensure apps deployed in an App Service Environment are not accessible over public internet, one should deploy App Service Environment with an IP address in virtual network. To set the IP address to a virtual network IP, the App Service Environment must be deployed with an internal load balancer.",
"metadata": {
"version": "3.0.0",
"category": "App Service"
},
"version": "3.0.0",
"parameters": {
"effect": {
"type": "string",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
}
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Web/hostingEnvironments"
},
{
"field": "kind",
"like": "ASE*"
},
{
"field": "Microsoft.Web/HostingEnvironments/internalLoadBalancingMode",
"notContains": "2"
},
{
"field": "Microsoft.Web/HostingEnvironments/internalLoadBalancingMode",
"notContains": "3"
},
{
"field": "Microsoft.Web/HostingEnvironments/internalLoadBalancingMode",
"notContains": "Web"
},
{
"field": "Microsoft.Web/HostingEnvironments/internalLoadBalancingMode",
"notContains": "Publishing"
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
},
"versions": [
"3.0.0"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/2d048aca-6479-4923-88f5-e2ac295d9af3",
"name": "2d048aca-6479-4923-88f5-e2ac295d9af3"
}