/
WebApp_Slot_VnetConfigurationRouting_Audit.json
62 lines (62 loc) · 1.98 KB
/
WebApp_Slot_VnetConfigurationRouting_Audit.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
{
"properties": {
"displayName": "App Service app slots should enable configuration routing to Azure Virtual Network",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "By default, app configuration such as pulling container images and mounting content storage will not be routed through the regional virtual network integration. Using the API to set routing options to true enables configuration traffic through the Azure Virtual Network. These settings allow features like network security groups and user defined routes to be used, and service endpoints to be private. For more information, visit https://aka.ms/appservice-vnet-configuration-routing.",
"metadata": {
"version": "1.0.0",
"category": "App Service"
},
"version": "1.0.0",
"parameters": {
"effect": {
"type": "string",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
}
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Web/sites/slots"
},
{
"field": "kind",
"notContains": "functionapp"
},
{
"anyOf": [
{
"field": "Microsoft.Web/sites/slots/vnetImagePullEnabled",
"notEquals": "true"
},
{
"field": "Microsoft.Web/sites/slots/vnetContentShareEnabled",
"notEquals": "true"
}
]
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
},
"versions": [
"1.0.0"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/5747353b-1ca9-42c1-a4dd-b874b894f3d4",
"name": "5747353b-1ca9-42c1-a4dd-b874b894f3d4"
}