last sync: 2021-Jul-23 16:37:57 UTC

Azure Policy definition

Configure private DNS zones for private endpoints connected to App Configuration

Name Configure private DNS zones for private endpoints connected to App Configuration
Id 7a860e27-9ca2-4fc6-822d-c2d248c300df
Version 1.0.0
Category App Configuration
Description Use private DNS zones to override the DNS resolution for a private endpoint. A private DNS zone can be linked to your virtual network to resolve app configuration instances. Learn more at: https://aka.ms/appconfig/private-endpoint.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: DeployIfNotExists
Allowed: (DeployIfNotExists, Disabled)
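Used RBAC Role (listed in the rule's roleDefinitionIds; this is the role the policy assignment's managed identity needs in order to run the DeployIfNotExists deployment)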
Role Name Role Id
Network Contributor 4d97b98b-1d4f-4787-a291-c67834d212e7
History
Date/Time (UTC ymd) Change type Change detail
2021-03-02 15:11:40 add 7a860e27-9ca2-4fc6-822d-c2d248c300df
Used in Initiatives none
JSON
{
  "properties": {
    "displayName": "Configure private DNS zones for private endpoints connected to App Configuration",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Use private DNS zones to override the DNS resolution for a private endpoint. A private DNS zone can be linked to your virtual network to resolve app configuration instances. Learn more at: https://aka.ms/appconfig/private-endpoint.",
    "metadata": {
      "version": "1.0.0",
      "category": "App Configuration"
    },
    "parameters": {
      "privateDnsZoneId": {
        "type": "String",
        "metadata": {
          "displayName": "Private DNS zone",
          "description": "Specifies the private DNS zone to use to configure private endpoint",
          "strongType": "Microsoft.Network/privateDnsZones"
        }
      },
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "DeployIfNotExists",
          "Disabled"
        ],
        "defaultValue": "DeployIfNotExists"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Network/privateEndpoints"
          },
          {
            "count": {
            "field": "Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]",
              "where": {
              "field": "Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]",
                "equals": "configurationStores"
              }
            },
            "greaterOrEquals": 1
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
          "roleDefinitionIds": [
            "/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7"
          ],
          "deployment": {
            "properties": {
              "mode": "incremental",
              "parameters": {
                "privateDnsZoneId": {
                "value": "[parameters('privateDnsZoneId')]"
                },
                "privateEndpointName": {
                "value": "[field('name')]"
                },
                "location": {
                "value": "[field('location')]"
                }
              },
              "template": {
                "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
                "contentVersion": "1.0.0.0",
                "parameters": {
                  "privateDnsZoneId": {
                    "type": "string"
                  },
                  "privateEndpointName": {
                    "type": "string"
                  },
                  "location": {
                    "type": "string"
                  }
                },
                "resources": [
                  {
                  "name": "[concat(parameters('privateEndpointName'), '/deployedByPolicy')]",
                    "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
                    "apiVersion": "2020-03-01",
                  "location": "[parameters('location')]",
                    "properties": {
                      "privateDnsZoneConfigs": [
                        {
                          "name": "privatelink-azconfig-io",
                          "properties": {
                          "privateDnsZoneId": "[parameters('privateDnsZoneId')]"
                          }
                        }
                      ]
                    }
                  }
                ]
              }
            }
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "7a860e27-9ca2-4fc6-822d-c2d248c300df"
}