last sync: 2020-Jul-02 13:28:37 UTC

Azure Policy

Bring your own key data protection should be enabled for PostgreSQL servers

Policy DisplayName Bring your own key data protection should be enabled for PostgreSQL servers
Policy Id 18adea5e-f416-4d0f-8aa8-d24321e3e274
Policy Category SQL
Policy Description This policy audits PostgreSQL servers in your environment without bring your own key data protection enabled. For more details, visit https://aka.ms/postgresqlbyok.
Policy Mode Indexed
Policy Type BuiltIn
Policy in Preview FALSE
Policy Deprecated FALSE
Policy Effect Default: AuditIfNotExists
Allowed: (AuditIfNotExists,Disabled)
Roles used none
Policy Changes
Date/Time (UTC ymd) (i) Change Change detail
2020-04-28 14:50:57 add: Policy 18adea5e-f416-4d0f-8aa8-d24321e3e274
Used in Policy Initiative(s) none
Policy Rule
{
  "properties": {
    "displayName": "Bring your own key data protection should be enabled for PostgreSQL servers",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "This policy audits PostgreSQL servers in your environment without bring your own key data protection enabled. For more details, visit https://aka.ms/postgresqlbyok.",
    "metadata": {
      "version": "1.0.0",
      "category": "SQL"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      }
    },
    "policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.DBforPostgreSQL/servers"
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.DBforPostgreSQL/servers/keys",
          "existenceCondition": {
            "allOf": [
              {
                "field": "Microsoft.DBforPostgreSQL/servers/keys/serverKeyType",
                "equals": "AzureKeyVault"
              },
              {
                "field": "Microsoft.DBforPostgreSQL/servers/keys/uri",
                "notEquals": ""
              },
              {
                "field": "Microsoft.DBforPostgreSQL/servers/keys/uri",
                "exists": "true"
              }
            ]
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/18adea5e-f416-4d0f-8aa8-d24321e3e274",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "18adea5e-f416-4d0f-8aa8-d24321e3e274"
}