-
Notifications
You must be signed in to change notification settings - Fork 1.1k
/
PostgreSQL_InfrastructureEncryption_Audit.json
50 lines (50 loc) · 1.47 KB
/
PostgreSQL_InfrastructureEncryption_Audit.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
{
"properties": {
"displayName": "Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Enable infrastructure encryption for Azure Database for PostgreSQL servers to have higher level of assurance that the data is secure. When infrastructure encryption is enabled, the data at rest is encrypted twice using FIPS 140-2 compliant Microsoft managed keys",
"metadata": {
"version": "1.0.0",
"category": "SQL"
},
"version": "1.0.0",
"parameters": {
"effect": {
"type": "string",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
}
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.DBforPostgreSQL/servers"
},
{
"field": "Microsoft.DBforPostgreSQL/servers/infrastructureEncryption",
"notEquals": "Enabled"
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
},
"versions": [
"1.0.0"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/24fba194-95d6-48c0-aea7-f65bf859c598",
"name": "24fba194-95d6-48c0-aea7-f65bf859c598"
}