last sync: 2021-Oct-25 16:02:14 UTC

Azure Policy definition

Modify - Configure Azure Event Grid topics to disable public network access

Name Modify - Configure Azure Event Grid topics to disable public network access
Azure Portal
Id 36ea4b4b-0f7f-4a54-89fa-ab18f555a172
Version 1.0.0
details on versioning
Category Event Grid
Microsoft docs
Description Disable public network access for Azure Event Grid resource so that it isn't accessible over the public internet. This will help protect them against data leakage risks. You can limit exposure of the your resources by creating private endpoints instead. Learn more at: https://aka.ms/privateendpoints.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Modify
Allowed: (Modify, Disabled)
Used RBAC Role
Role Name Role Id
EventGrid Contributor 1e241071-0855-49ea-94dc-649edcd759de
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-02-17 14:28:42 add 36ea4b4b-0f7f-4a54-89fa-ab18f555a172
Used in Initiatives none
JSON
{
  "displayName": "Modify - Configure Azure Event Grid topics to disable public network access",
  "policyType": "BuiltIn",
  "mode": "Indexed",
  "description": "Disable public network access for Azure Event Grid resource so that it isn't accessible over the public internet. This will help protect them against data leakage risks. You can limit exposure of the your resources by creating private endpoints instead. Learn more at: https://aka.ms/privateendpoints.",
  "metadata": {
    "category": "Event Grid",
    "version": "1.0.0"
  },
  "parameters": {
    "effect": {
      "type": "String",
      "metadata": {
        "displayName": "Effect",
        "description": "Enable or disable the execution of the policy"
      },
      "allowedValues": [
        "Modify",
        "Disabled"
      ],
      "defaultValue": "Modify"
    }
  },
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.EventGrid/topics"
        },
        {
          "field": "kind",
          "notEquals": "AzureArc"
        },
        {
          "field": "Microsoft.EventGrid/topics/publicNetworkAccess",
          "notEquals": "Disabled"
        }
      ]
    },
    "then": {
      "effect": "[parameters('effect')]",
      "details": {
        "roleDefinitionIds": [
          "/providers/microsoft.authorization/roleDefinitions/1e241071-0855-49ea-94dc-649edcd759de"
        ],
        "conflictEffect": "audit",
        "operations": [
          {
            "condition": "[greaterOrEquals(requestContext().apiVersion, '2020-04-01-preview')]",
            "operation": "addOrReplace",
            "field": "Microsoft.EventGrid/topics/publicNetworkAccess",
            "value": "Disabled"
          }
        ]
      }
    }
  }
}