AzPolicyAdvertizer

last sync: 2023-Jun-02 17:44:47 UTC

Azure Policy definition

Disable Command Invoke on Azure Kubernetes Service clusters

Name

Disable Command Invoke on Azure Kubernetes Service clusters
Azure Portal

1b708b0a-3380-40e9-8b79-821f9fa224cc

Version

1.0.1
details on versioning

Category

Kubernetes
Microsoft docs

Description

Disabling command invoke can enhance the security by rejecting invoke-command access to the cluster

Mode

Indexed

Type

BuiltIn

Preview

FALSE

Deprecated

FALSE

Effect

Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled

RBAC
Role(s)

Role Name	Role Id
Azure Kubernetes Service Contributor Role	ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8
Azure Kubernetes Service Policy Add-on Deployment	18ed5180-3e48-46fd-8541-4ea054d57064

Rule
Aliases

THEN-ExistenceCondition (1)

Alias	Namespace	ResourceType	DefaultPath	Modifiable
Microsoft.ContainerService/managedClusters/apiServerAccessProfile.disableRunCommand	Microsoft.ContainerService	managedClusters	properties.apiServerAccessProfile.disableRunCommand	false

Rule
ResourceTypes

IF (1)
Microsoft.ContainerService/managedClusters
THEN-Deployment (2)
Microsoft.ContainerService/managedClusters
Microsoft.Resources/deployments

Compliance

Not a Compliance control

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2022-10-21 16:42:13	change	Patch (1.0.0 > 1.0.1) *changes on text case sensitivity are not tracked
2022-04-01 20:29:14	add	1b708b0a-3380-40e9-8b79-821f9fa224cc

Initiatives
usage

none

JSON