AzPolicyAdvertizer

last sync: 2024-Jul-26 18:17:39 UTC

Disable Command Invoke on Azure Kubernetes Service clusters

Azure BuiltIn Policy definition

Source

Azure Portal

Display name

Disable Command Invoke on Azure Kubernetes Service clusters

1b708b0a-3380-40e9-8b79-821f9fa224cc

Version

1.2.0
Details on versioning

Category

Kubernetes
Microsoft Learn

Description

Disabling command invoke can enhance the security by rejecting invoke-command access to the cluster

Mode

Indexed

Type

BuiltIn

Preview

False

Deprecated

False

Effect

Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled

RBAC role(s)

Role Name	Role Id
Azure Kubernetes Service Contributor Role	ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8
Azure Kubernetes Service Policy Add-on Deployment	18ed5180-3e48-46fd-8541-4ea054d57064

Rule aliases

THEN-ExistenceCondition (1)

Alias	Namespace	ResourceType	Path	PathIsDefault	DefaultPath	Modifiable
Microsoft.ContainerService/managedClusters/apiServerAccessProfile.disableRunCommand	Microsoft.ContainerService	managedClusters	properties.apiServerAccessProfile.disableRunCommand	True		False

Rule resource types

IF (1)
Microsoft.ContainerService/managedClusters
THEN-Deployment (2)
Microsoft.ContainerService/managedClusters
Microsoft.Resources/deployments

Compliance

Not a Compliance control

Initiatives usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type
Enforce recommended guardrails for Kubernetes	Enforce-Guardrails-Kubernetes	Kubernetes	GA	ALZ

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2024-03-01 17:50:27	change	Minor (1.1.0 > 1.2.0)
2024-01-12 18:35:06	change	Minor (1.0.3 > 1.1.0)
2023-10-31 19:02:40	change	Patch (1.0.2 > 1.0.3)
2023-10-23 17:41:36	change	Patch (1.0.1 > 1.0.2)
2022-10-21 16:42:13	change	Patch (1.0.0 > 1.0.1)
2022-04-01 20:29:14	add	1b708b0a-3380-40e9-8b79-821f9fa224cc

JSON compare

compare mode: version left: version right:

JSON

api-version=2021-06-01
EPAC