StorageAccountSecureTransfer_Modify.json
{
"properties": {
"displayName": "Configure secure transfer of data on a storage account",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Secure transfer is an option that forces storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking",
"metadata": {
"version": "1.0.0",
"category": "Storage"
},
"version": "1.0.0",
"parameters": {
"effect": {
"type": "string",
"defaultValue": "Modify",
"allowedValues": [
"Modify",
"Disabled"
],
"metadata": {
"displayName": "Effect",
"description": "The effect determines what happens when the policy rule is evaluated to match"
}
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Storage/storageAccounts"
},
{
"anyOf": [
{
"allOf": [
{
"value": "[requestContext().apiVersion]",
"less": "2019-04-01"
},
{
"field": "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly",
"exists": "false"
}
]
},
{
"field": "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly",
"equals": "false"
}
]
}
]
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"conflictEffect": "audit",
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab"
],
"operations": [
{
"condition": "[greaterOrEquals(requestContext().apiVersion, '2019-04-01')]",
"operation": "addOrReplace",
"field": "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly",
"value": true
}
]
}
}
},
"versions": [
"1.0.0"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/f81e3117-0093-4b17-8a60-82363134f0eb",
"name": "f81e3117-0093-4b17-8a60-82363134f0eb"
}