-
Notifications
You must be signed in to change notification settings - Fork 1.1k
/
FlexibleServers_EnableSSL_AINE.json
49 lines (49 loc) · 1.79 KB
/
FlexibleServers_EnableSSL_AINE.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
{
"properties": {
"displayName": "Enforce SSL connection should be enabled for PostgreSQL flexible servers",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL flexible server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database flexible server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your PostgreSQL flexible server.",
"metadata": {
"version": "1.0.0",
"category": "PostgreSQL"
},
"version": "1.0.0",
"parameters": {
"effect": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
}
}
},
"policyRule": {
"if": {
"field": "type",
"equals": "Microsoft.DBforPostgreSQL/flexibleServers"
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.DBforPostgreSQL/flexibleServers/configurations",
"name": "require_secure_transport",
"existenceCondition": {
"field": "Microsoft.DBforPostgreSQL/flexibleServers/configurations/value",
"equals": "ON"
}
}
}
},
"versions": [
"1.0.0"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/c29c38cb-74a7-4505-9a06-e588ab86620a",
"name": "c29c38cb-74a7-4505-9a06-e588ab86620a"
}