-
Notifications
You must be signed in to change notification settings - Fork 1.1k
/
Kusto_clusters_ZoneRedundant_Audit.json
53 lines (53 loc) · 1.85 KB
/
Kusto_clusters_ZoneRedundant_Audit.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
{
"properties": {
"displayName": "[Preview]: Azure Data Explorer Clusters should be Zone Redundant",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Azure Data Explorer Clusters can be configured to be Zone Redundant or not. An Azure Data Explorer Cluster is considered Zone Redundant if it has at least two entries in its zones array. This policy helps ensure the your Azure Data Explorer Clusters are Zone Redundant.",
"metadata": {
"category": "Resilience",
"version": "1.0.0-preview",
"preview": true
},
"version": "1.0.0-preview",
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "This parameter lets you choose the effect of the policy. If you choose Audit (default), the policy will only audit resources for compliance. If you choose Deny, the policy will deny the creation of non-compliant resources. If you choose Disabled, the policy will not enforce compliance (useful, for example, as a second assignment to ignore a subset of non-compliant resources in a single resource group)."
},
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"defaultValue": "Audit"
}
},
"policyRule": {
"if": {
"allOf": [
{
"equals": "Microsoft.Kusto/clusters",
"field": "type"
},
{
"count": {
"field": "Microsoft.Kusto/clusters/zones[*]"
},
"less": 2
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
},
"versions": [
"1.0.0-PREVIEW"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/cbe58ab0-07a8-43ea-9ccc-8ea33e4d6aa5",
"name": "cbe58ab0-07a8-43ea-9ccc-8ea33e4d6aa5"
}