-
Notifications
You must be signed in to change notification settings - Fork 1.1k
/
Network_loadBalancers_ZoneResilient_Audit.json
51 lines (51 loc) · 1.82 KB
/
Network_loadBalancers_ZoneResilient_Audit.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
{
"properties": {
"displayName": "[Preview]: Load Balancers should be Zone Resilient",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Load Balancers with a sku other than Basic inherit the resilience of the Public IP addresses in their frontend. When combined with the 'Public IP addresses should be Zone Resilient' policy, this approach ensures the necessary redundancy to withstand a zone outage.",
"metadata": {
"category": "Resilience",
"version": "1.0.0-preview",
"preview": true
},
"version": "1.0.0-preview",
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "This parameter lets you choose the effect of the policy. If you choose Audit (default), the policy will only audit resources for compliance. If you choose Deny, the policy will deny the creation of non-compliant resources. If you choose Disabled, the policy will not enforce compliance (useful, for example, as a second assignment to ignore a subset of non-compliant resources in a single resource group)."
},
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"defaultValue": "Audit"
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Network/loadBalancers"
},
{
"field": "Microsoft.Network/loadBalancers/sku.name",
"equals": "Basic"
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
},
"versions": [
"1.0.0-PREVIEW"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/42daa901-5969-47ef-92cb-b75df946195a",
"name": "42daa901-5969-47ef-92cb-b75df946195a"
}