last sync: 2022-Sep-30 16:34:23 UTC

Azure Policy definition

Disable Command Invoke on Azure Kubernetes Service clusters

Name Disable Command Invoke on Azure Kubernetes Service clusters
Id 1b708b0a-3380-40e9-8b79-821f9fa224cc
Version 1.0.0
Category Kubernetes
Description Disabling command invoke can enhance the security by rejecting invoke-command access to the cluster
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: DeployIfNotExists
Allowed: (DeployIfNotExists, Disabled)
Used RBAC Role
Role Name | Role Id
Azure Kubernetes Service Contributor Role | ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8
Azure Kubernetes Service Policy Add-on Deployment | 18ed5180-3e48-46fd-8541-4ea054d57064
Rule Aliases THEN-ExistenceCondition (1)
Alias | Namespace | ResourceType | DefaultPath | Modifiable
Microsoft.ContainerService/managedClusters/apiServerAccessProfile.disableRunCommand | Microsoft.ContainerService | managedClusters | properties.apiServerAccessProfile.disableRunCommand | false
Rule ResourceTypes IF (1)
Microsoft.ContainerService/managedClusters
THEN-Deployment (2)
Microsoft.ContainerService/managedClusters
Microsoft.Resources/deployments
History
Date/Time (UTC ymd) | Change type | Change detail
2022-04-01 20:29:14 | add | 1b708b0a-3380-40e9-8b79-821f9fa224cc
Used in Initiatives none