NamespaceTopic_PrivateEndpoint_Audit.json
{
"properties": {
"displayName": "Azure Event Grid namespace topic broker should use private link",
"description": "Azure Private Link lets you connect your virtual network to Azure services without a public IP address at the source or destination. The Private Link platform handles the connectivity between the consumer and services over the Azure backbone network. By mapping private endpoints to your Event Grid namespace instead of the entire service, you'll also be protected against data leakage risks. This policy reports a namespace as non-compliant when it has no private endpoint connection in the Approved state whose group ID is topic; it does not evaluate the namespace's public network access setting. Learn more at: https://aka.ms/aeg-ns-privateendpoints.",
"metadata": {
"version": "1.0.0",
"category": "Event Grid"
},
"version": "1.0.0",
"policyType": "BuiltIn",
"mode": "Indexed",
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
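"description": "Enable or disable the execution of the policy. Audit records non-compliant namespaces without blocking the change; Disabled turns evaluation off."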
},
"allowedValues": [
"Audit",
"Disabled"
],
"defaultValue": "Audit"
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.EventGrid/namespaces"
},
{
"count": {
"field": "Microsoft.EventGrid/namespaces/privateEndpointConnections[*]",
"where": {
"allOf": [
{
"field": "Microsoft.EventGrid/namespaces/privateEndpointConnections[*].privateLinkServiceConnectionState.status",
"equals": "Approved"
},
{
"field": "Microsoft.EventGrid/namespaces/privateEndpointConnections[*].groupIds[*]",
"equals": "topic"
}
]
}
},
"less": 1
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
},
"versions": [
"1.0.0"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/1301a000-bc6b-4d90-8414-7091e3abdc40",
"name": "1301a000-bc6b-4d90-8414-7091e3abdc40"
}