Json |
{
"properties": {
"displayName": "Temp disks and cache for agent node pools in Azure Kubernetes Service clusters should be encrypted at host",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "To enhance data security, the data stored on the virtual machine (VM) host of your Azure Kubernetes Service nodes VMs should be encrypted at rest. This is a common requirement in many regulatory and industry compliance standards.",
"metadata": {
"version": "1.0.0",
"category": "Kubernetes"
},
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "'Audit' allows a non-compliant resource to be created or updated, but flags it as non-compliant. 'Deny' blocks the non-compliant resource creation or update. 'Disabled' turns off the policy."
},
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"defaultValue": "Audit"
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.ContainerService/managedClusters"
},
{
"count": {
"field": "Microsoft.ContainerService/managedClusters/agentPoolProfiles[*]",
"where": {
"anyOf": [
{
"field": "Microsoft.ContainerService/managedClusters/agentPoolProfiles[*].enableEncryptionAtHost",
"exists": "False"
},
{
"field": "Microsoft.ContainerService/managedClusters/agentPoolProfiles[*].enableEncryptionAtHost",
"equals": ""
},
{
"field": "Microsoft.ContainerService/managedClusters/agentPoolProfiles[*].enableEncryptionAtHost",
"equals": "false"
}
]
}
},
"greater": 0
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
}
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/41425d9f-d1a5-499a-9932-f8ed8453932c",
"type": "Microsoft.Authorization/policyDefinitions",
"name": "41425d9f-d1a5-499a-9932-f8ed8453932c"
}
|