-
Notifications
You must be signed in to change notification settings - Fork 1.1k
/
CMKEnabled_Audit.json
50 lines (50 loc) · 1.75 KB
/
CMKEnabled_Audit.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
{
"properties": {
"displayName": "Fluid Relay should use customer-managed keys to encrypt data at rest",
"policyType": "BuiltIn",
"mode": "All",
"description": "Use customer-managed keys to manage the encryption at rest of your Fluid Relay server. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. Customer-managed keys enable the data to be encrypted with an Azure Key Vault key created and owned by you, with full control and responsibility, including rotation and management. Learn more at https://docs.microsoft.com/azure/azure-fluid-relay/concepts/customer-managed-keys.",
"metadata": {
"version": "1.0.0",
"category": "Fluid Relay"
},
"version": "1.0.0",
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"Audit",
"Disabled"
],
"defaultValue": "Audit"
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.FluidRelay/fluidRelayServers"
},
{
"field": "Microsoft.FluidRelay/fluidRelayServers/encryption.customerManagedKeyEncryption",
"exists": "false"
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
},
"versions": [
"1.0.0"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/46388f67-373c-4018-98d3-2b83172dd13a",
"type": "Microsoft.Authorization/policyDefinitions",
"name": "46388f67-373c-4018-98d3-2b83172dd13a"
}