/
CosmosDBInitiative.json
75 lines (75 loc) · 3.29 KB
/
CosmosDBInitiative.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
{
"properties": {
"displayName": "[Preview]: Control the use of CosmosDB in a Virtual Enclave",
"policyType": "BuiltIn",
"description": "This initiative deploys Azure policies for CosmosDB ensuring boundary protection of this resource while it operates within the logically separated structure of Azure Virtual Enclaves. https://aka.ms/VirtualEnclaves",
"metadata": {
"version": "1.0.0-preview",
"category": "VirtualEnclaves",
"preview": true
},
"version": "1.0.0-preview",
"parameters": {
"maxDaysSinceLastRegeneration": {
"type": "String",
"metadata": {
"displayName": "Maximum number of days allowed since last account key regeneration.",
"description": "Specify the maximum number of days allowed since the last account key regeneration."
},
"defaultValue": "60"
}
},
"policyDefinitions": [
{
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f",
"policyDefinitionReferenceId": "CosmosDBShouldUseCmkForEncryption",
"definitionVersion": "1.*.*"
},
{
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/58440f8a-10c5-4151-bdce-dfbaad4a20b7",
"policyDefinitionReferenceId": "CosmosDBShouldUsePrivateLink",
"definitionVersion": "1.*.*"
},
{
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a",
"policyDefinitionReferenceId": "CosmosDBShouldDisablePublicNetworkAccess",
"definitionVersion": "1.*.*"
},
{
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2",
"policyDefinitionReferenceId": "CosmosDBShouldDisableLocalAuthentication",
"definitionVersion": "1.*.*"
},
{
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/dc2d41d1-4ab1-4666-a3e1-3d51c43e0049",
"policyDefinitionReferenceId": "CosmosDBConfigureDisableLocalAuthentication",
"definitionVersion": "1.*.*"
},
{
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9d83ccb1-f313-46ce-9d39-a198bfdb51a0",
"policyDefinitionReferenceId": "CosmosDBShouldRotateAccountKeysOnSchedule",
"definitionVersion": "1.*.*",
"parameters": {
"maxDaysSinceLastRegeneration": {
"value": "[parameters('maxDaysSinceLastRegeneration')]"
}
}
},
{
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088",
"policyDefinitionReferenceId": "CosmosDBShouldConfigureDisablePublicNetworkAccess",
"definitionVersion": "1.*.*"
},
{
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656",
"policyDefinitionReferenceId": "CosmosDBShouldConfigureAdvancedThreatDetection",
"definitionVersion": "1.*.*"
}
],
"versions": [
"1.0.0-PREVIEW"
]
},
"id": "/providers/Microsoft.Authorization/policySetDefinitions/6bd484ca-ae8d-46cf-9b33-e1feef84bfba",
"name": "6bd484ca-ae8d-46cf-9b33-e1feef84bfba"
}