-
Notifications
You must be signed in to change notification settings - Fork 1.1k
/
RedisCache_AuditSSLPort_Audit.json
50 lines (50 loc) · 1.46 KB
/
RedisCache_AuditSSLPort_Audit.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
{
"properties": {
"displayName": "Only secure connections to your Azure Cache for Redis should be enabled",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking",
"metadata": {
"version": "1.0.0",
"category": "Cache"
},
"version": "1.0.0",
"parameters": {
"effect": {
"type": "string",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect",
"description": "The effect determines what happens when the policy rule is evaluated to match"
}
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Cache/redis"
},
{
"field": "Microsoft.Cache/Redis/enableNonSslPort",
"equals": "true"
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
},
"versions": [
"1.0.0"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb",
"name": "22bee202-a82f-4305-9a2a-6d7f44d4dedb"
}