Arc_PrivateLinkScope_PublicAccess_Modify.json
{
"properties": {
"displayName": "Configure Azure Arc Private Link Scopes to disable public network access",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Disable public network access for your Azure Arc Private Link Scope so that associated Azure Arc resources cannot connect to Azure Arc services over the public internet. This can reduce data leakage risks. Learn more at: https://aka.ms/arc/privatelink.",
"metadata": {
"version": "1.0.0",
"category": "Azure Arc"
},
"version": "1.0.0",
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"Modify",
"Disabled"
],
"defaultValue": "Modify"
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.HybridCompute/privateLinkScopes"
},
{
"field": "Microsoft.HybridCompute/privateLinkScopes/publicNetworkAccess",
"notEquals": "Disabled"
}
]
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"conflictEffect": "audit",
"roleDefinitionIds": [
"/providers/microsoft.authorization/roleDefinitions/cd570a14-e51a-42ad-bac8-bafd67325302"
],
"operations": [
{
"condition": "[greaterOrEquals(requestContext().apiVersion, '2020-08-15-preview')]",
"operation": "addOrReplace",
"field": "Microsoft.HybridCompute/privateLinkScopes/publicNetworkAccess",
"value": "Disabled"
}
]
}
}
},
"versions": [
"1.0.0"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/de0bc8ea-76e2-4fe2-a288-a07556d0e9c4",
"name": "de0bc8ea-76e2-4fe2-a288-a07556d0e9c4"
}