last sync: 2023-Jun-02 17:44:47 UTC

Azure Policy definition

Disable Command Invoke on Azure Kubernetes Service clusters

Name Disable Command Invoke on Azure Kubernetes Service clusters
Id 1b708b0a-3380-40e9-8b79-821f9fa224cc
Version 1.0.1
Category Kubernetes
Description Disabling command invoke can enhance the security by rejecting invoke-command access to the cluster
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: DeployIfNotExists
Effect Allowed: DeployIfNotExists, Disabled
RBAC
Role(s)
Role Name | Role Id
Azure Kubernetes Service Contributor Role | ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8
Azure Kubernetes Service Policy Add-on Deployment | 18ed5180-3e48-46fd-8541-4ea054d57064
Rule
Aliases
THEN-ExistenceCondition (1)
Alias | Namespace | ResourceType | DefaultPath | Modifiable
Microsoft.ContainerService/managedClusters/apiServerAccessProfile.disableRunCommand | Microsoft.ContainerService | managedClusters | properties.apiServerAccessProfile.disableRunCommand | false
Rule
ResourceTypes
IF (1)
Microsoft.ContainerService/managedClusters
THEN-Deployment (2)
Microsoft.ContainerService/managedClusters
Microsoft.Resources/deployments
Compliance Not a Compliance control
History
Date/Time (UTC ymd) | Change type | Change detail
2022-10-21 16:42:13 | change | Patch (1.0.0 > 1.0.1)
2022-04-01 20:29:14 | add | 1b708b0a-3380-40e9-8b79-821f9fa224cc
*changes on text case sensitivity are not tracked
Initiatives
usage
none