AzPolicyAdvertizer

last sync: 2021-May-17 14:22:45 UTC

Azure Policy definition

Public network access should be disabled for PostgreSQL flexible servers

Name Public network access should be disabled for PostgreSQL flexible servers
Azure Portal

Id 5e1de0e3-42cb-4ebc-a86d-61d0c619ca48

Version 1.0.0
details on versioning

Category SQL
Microsoft docs

Description Disabling the public network access property improves security by ensuring your Azure Database for PostgreSQL flexible servers can only be accessed from a private endpoint. This configuration strictly disables access from any public address space outside of Azure IP range and denies all logins that match IP or virtual network-based firewall rules.

Mode Indexed

Type BuiltIn

Preview FALSE

Deprecated FALSE

Effect Default: Audit
Allowed: (Audit, Deny, Disabled)

Used RBAC Role none

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2020-10-20 13:29:33	add	5e1de0e3-42cb-4ebc-a86d-61d0c619ca48

Used in Initiatives

Initiative DisplayName	Initiative Id	Initiative Category	State
[Preview]: CMMC Level 3	b5629c75-5c77-4422-87b9-2509e680f8de	Regulatory Compliance	Preview

JSON

{
  "properties": {
    "displayName": "Public network access should be disabled for PostgreSQL flexible servers",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Disabling the public network access property improves security by ensuring your Azure Database for PostgreSQL flexible servers can only be accessed from a private endpoint. This configuration strictly disables access from any public address space outside of Azure IP range and denies all logins that match IP or virtual network-based firewall rules.",
    "metadata": {
      "version": "1.0.0",
      "category": "SQL"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.DBforPostgreSQL/flexibleServers"
          },
          {
            "field": "Microsoft.DBforPostgreSQL/flexibleServers/publicNetworkAccess",
            "notEquals": "Disabled"
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/5e1de0e3-42cb-4ebc-a86d-61d0c619ca48",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "5e1de0e3-42cb-4ebc-a86d-61d0c619ca48"
}