Arc_PrivateEndpoint_Audit.json
{
"properties": {
"displayName": "Azure Arc Private Link Scopes should be configured with a private endpoint",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Azure Private Link lets you connect your virtual networks to Azure services without a public IP address at the source or destination. The Private Link platform handles the connectivity between the consumer and services over the Azure backbone network. By mapping private endpoints to Azure Arc Private Link Scopes, data leakage risks are reduced. Learn more about private links at: https://aka.ms/arc/privatelink.",
"metadata": {
"version": "1.0.0",
"category": "Azure Arc"
},
"version": "1.0.0",
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"Audit",
"Disabled"
],
"defaultValue": "Audit"
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.HybridCompute/privateLinkScopes"
},
{
"count": {
"field": "Microsoft.HybridCompute/privateLinkScopes/privateEndpointConnections[*]",
"where": {
"field": "Microsoft.HybridCompute/privateLinkScopes/privateEndpointConnections[*].privateLinkServiceConnectionState.status",
"equals": "Approved"
}
},
"less": 1
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
},
"versions": [
"1.0.0"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/7eab1da3-2bf0-4ff0-8303-1a4277c380e8",
"name": "7eab1da3-2bf0-4ff0-8303-1a4277c380e8"
}