AzPolicyAdvertizer

last sync: 2025-Feb-14 18:36:58 UTC

Disable Command Invoke on Azure Kubernetes Service clusters

Azure BuiltIn Policy definition

Source Azure Portal
Display name Disable Command Invoke on Azure Kubernetes Service clusters
Id 1b708b0a-3380-40e9-8b79-821f9fa224cc
Version 1.2.0
Details on versioning
Versioning Versions supported for Versioning: 3
1.0.3
1.1.0
1.2.0
Built-in Versioning [Preview]
Category Kubernetes
Microsoft Learn
Description Disabling command invoke can enhance the security by rejecting invoke-command access to the cluster
Cloud environments AzureCloud = true
AzureUSGovernment = unknown
AzureChinaCloud = unknown
Available in AzUSGov Unknown, no evidence if Policy definition is/not available in AzureUSGovernment
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
RBAC role(s)
Role Name Role Id
Azure Kubernetes Service Contributor Role ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8
Azure Kubernetes Service Policy Add-on Deployment 18ed5180-3e48-46fd-8541-4ea054d57064
Rule aliases THEN-ExistenceCondition (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.ContainerService/managedClusters/apiServerAccessProfile.disableRunCommand Microsoft.ContainerService managedClusters properties.apiServerAccessProfile.disableRunCommand True False
Rule resource types IF (1)
Microsoft.ContainerService/managedClusters
THEN-Deployment (2)
Microsoft.ContainerService/managedClusters
Microsoft.Resources/deployments
Compliance Not a Compliance control
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type polSet in AzUSGov
Enforce recommended guardrails for Kubernetes Enforce-Guardrails-Kubernetes Kubernetes GA ALZ
History
Date/Time (UTC ymd) (i) Change type Change detail
2024-03-01 17:50:27 change Minor (1.1.0 > 1.2.0)
2024-01-12 18:35:06 change Minor (1.0.3 > 1.1.0)
2023-10-31 19:02:40 change Patch (1.0.2 > 1.0.3)
2023-10-23 17:41:36 change Patch (1.0.1 > 1.0.2)
2022-10-21 16:42:13 change Patch (1.0.0 > 1.0.1)
2022-04-01 20:29:14 add 1b708b0a-3380-40e9-8b79-821f9fa224cc
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC