last sync: 2021-Jul-23 16:37:57 UTC

Azure Policy definition

Configure Azure Cache for Redis to disable public network access

Name Configure Azure Cache for Redis to disable public network access
Azure Portal
Id 30b3dfa5-a70d-4c8e-bed6-0083858f663d
Version 1.0.0
details on versioning
Category Cache
Microsoft docs
Description Disable public network access for your Azure Cache for Redis resource so that it's not accessible over the public internet. This helps protect the cache against data leakage risks.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Modify
Allowed: (Modify, Disabled)
Used RBAC Role
Role Name Role Id
Redis Cache Contributor e0f68234-74aa-48ed-b826-c38b57376e17
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-03-09 14:37:41 add 30b3dfa5-a70d-4c8e-bed6-0083858f663d
Used in Initiatives none
JSON
{
  "properties": {
    "displayName": "Configure Azure Cache for Redis to disable public network access",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Disable public network access for your Azure Cache for Redis resource so that it's not accessible over the public internet. This helps protect the cache against data leakage risks.",
    "metadata": {
      "category": "Cache",
      "version": "1.0.0"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Modify",
          "Disabled"
        ],
        "defaultValue": "Modify"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Cache/Redis"
          },
          {
            "field": "Microsoft.Cache/Redis/publicNetworkAccess",
            "notEquals": "Disabled"
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "conflictEffect": "audit",
          "roleDefinitionIds": [
            "/providers/microsoft.authorization/roleDefinitions/e0f68234-74aa-48ed-b826-c38b57376e17"
          ],
          "operations": [
            {
            "condition": "[greaterOrEquals(requestContext().apiVersion, '2020-06-01')]",
              "operation": "addOrReplace",
              "field": "Microsoft.Cache/Redis/publicNetworkAccess",
              "value": "Disabled"
            }
          ]
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/30b3dfa5-a70d-4c8e-bed6-0083858f663d",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "30b3dfa5-a70d-4c8e-bed6-0083858f663d"
}