Network_natGateways_ZoneAligned_Audit.json
{
"properties": {
"displayName": "[Preview]: NAT gateway should be Zone Aligned",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "NAT gateway can be configured to be Zone Aligned or not. NAT gateway that has exactly one entry in its zones array is considered Zone Aligned. This policy ensures that an NAT gateway is configured to operate within a single availability zone.",
"metadata": {
"category": "Resilience",
"version": "1.0.0-preview",
"preview": true
},
"version": "1.0.0-preview",
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "This parameter lets you choose the effect of the policy. If you choose Audit (default), the policy will only audit resources for compliance. If you choose Deny, the policy will deny the creation of non-compliant resources. If you choose Disabled, the policy will not enforce compliance (useful, for example, as a second assignment to ignore a subset of non-compliant resources in a single resource group)."
},
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"defaultValue": "Audit"
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Network/natGateways"
},
{
"not": {
"count": {
"field": "Microsoft.Network/natGateways/zones[*]"
},
"equals": 1
}
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
},
"versions": [
"1.0.0-PREVIEW"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/18314dc7-a25d-420c-a069-f094b25ff919",
"name": "18314dc7-a25d-420c-a069-f094b25ff919"
}