last sync: 2020-Dec-03 15:30:53 UTC

Azure Policy definition

Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers

Name Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers
Azure Portal
Id 24fba194-95d6-48c0-aea7-f65bf859c598
Version 1.0.0
details on versioning
Category SQL
Microsoft docs
Description Enable infrastructure encryption for Azure Database for PostgreSQL servers to have higher level of assurance that the data is secure. When infrastructure encryption is enabled, the data at rest is encrypted twice using FIPS 140-2 compliant Microsoft managed keys
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Audit
Allowed: (Audit, Deny, Disabled)
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2020-10-20 13:29:33 add 24fba194-95d6-48c0-aea7-f65bf859c598
Used in Initiatives none
Json
{
  "properties": {
    "displayName": "Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Enable infrastructure encryption for Azure Database for PostgreSQL servers to have higher level of assurance that the data is secure. When infrastructure encryption is enabled, the data at rest is encrypted twice using FIPS 140-2 compliant Microsoft managed keys",
    "metadata": {
      "version": "1.0.0",
      "category": "SQL"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.DBforPostgreSQL/servers"
          },
          {
            "field": "Microsoft.DBforPostgreSQL/servers/infrastructureEncryption",
            "notEquals": "Enabled"
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/24fba194-95d6-48c0-aea7-f65bf859c598",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "24fba194-95d6-48c0-aea7-f65bf859c598"
}