AzPolicyAdvertizer

last sync: 2021-Oct-25 16:02:14 UTC

Azure Policy definition

Modify - Configure Azure Event Grid topics to disable public network access

Name Modify - Configure Azure Event Grid topics to disable public network access
Azure Portal

Id 36ea4b4b-0f7f-4a54-89fa-ab18f555a172

Version 1.0.0
details on versioning

Category Event Grid
Microsoft docs

Description Disable public network access for Azure Event Grid resource so that it isn't accessible over the public internet. This will help protect them against data leakage risks. You can limit exposure of the your resources by creating private endpoints instead. Learn more at: https://aka.ms/privateendpoints.

Mode Indexed

Type BuiltIn

Preview FALSE

Deprecated FALSE

Effect Default: Modify
Allowed: (Modify, Disabled)

Used RBAC Role

Role Name	Role Id
EventGrid Contributor	1e241071-0855-49ea-94dc-649edcd759de

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2021-02-17 14:28:42	add	36ea4b4b-0f7f-4a54-89fa-ab18f555a172

Used in Initiatives none

JSON

{
  "displayName": "Modify - Configure Azure Event Grid topics to disable public network access",
  "policyType": "BuiltIn",
  "mode": "Indexed",
  "description": "Disable public network access for Azure Event Grid resource so that it isn't accessible over the public internet. This will help protect them against data leakage risks. You can limit exposure of the your resources by creating private endpoints instead. Learn more at: https://aka.ms/privateendpoints.",
  "metadata": {
    "category": "Event Grid",
    "version": "1.0.0"
  },
  "parameters": {
    "effect": {
      "type": "String",
      "metadata": {
        "displayName": "Effect",
        "description": "Enable or disable the execution of the policy"
      },
      "allowedValues": [
        "Modify",
        "Disabled"
      ],
      "defaultValue": "Modify"
    }
  },
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.EventGrid/topics"
        },
        {
          "field": "kind",
          "notEquals": "AzureArc"
        },
        {
          "field": "Microsoft.EventGrid/topics/publicNetworkAccess",
          "notEquals": "Disabled"
        }
      ]
    },
    "then": {
      "effect": "[parameters('effect')]",
      "details": {
        "roleDefinitionIds": [
          "/providers/microsoft.authorization/roleDefinitions/1e241071-0855-49ea-94dc-649edcd759de"
        ],
        "conflictEffect": "audit",
        "operations": [
          {
            "condition": "[greaterOrEquals(requestContext().apiVersion, '2020-04-01-preview')]",
            "operation": "addOrReplace",
            "field": "Microsoft.EventGrid/topics/publicNetworkAccess",
            "value": "Disabled"
          }
        ]
      }
    }
  }
}