{
"properties": {
"displayName": "[Preview]: Azure Key Vault Managed HSM should use private link",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Private link provides a way to connect Azure Key Vault Managed HSM to your Azure resources without sending traffic over the public internet. Private link provides defense-in-depth protection against data exfiltration. Learn more at: https://docs.microsoft.com/azure/key-vault/managed-hsm/private-link",
"metadata": {
"version": "1.0.0-preview",
"category": "Key Vault",
"preview": true
},
"version": "1.0.0-preview",
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"Audit",
"Disabled"
],
"defaultValue": "Audit"
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.KeyVault/managedHSMs"
},
{
"anyOf": [
{
"field": "Microsoft.KeyVault/managedHSMs/privateEndpointConnections",
"exists": "false"
},
{
"count": {
"field": "Microsoft.KeyVault/managedHSMs/privateEndpointConnections[*]",
"where": {
"field": "Microsoft.KeyVault/managedHSMs/privateEndpointConnections[*].privateLinkServiceConnectionState.status",
"equals": "Approved"
}
},
"equals": 0
}
]
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
},
"versions": [
"1.0.0-PREVIEW"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/59fee2f4-d439-4f1b-9b9a-982e1474bfd8",
"name": "59fee2f4-d439-4f1b-9b9a-982e1474bfd8"
}