AzPolicyAdvertizer

last sync: 2021-May-10 15:04:35 UTC

Azure Policy definition

[Preview]: Azure Key Vaults should use private link

Name [Preview]: Azure Key Vaults should use private link
Azure Portal

Id a6abeaec-4d90-4a02-805f-6b26c4d3fbe9

Version 1.0.0-preview
details on versioning

Category Key Vault
Microsoft docs

Description Azure Private Link lets you connect your virtual networks to Azure services without a public IP address at the source or destination. The Private Link platform handles the connectivity between the consumer and services over the Azure backbone network. By mapping private endpoints to key vault, you can reduce data leakage risks. Learn more about private links at: https://aka.ms/akvprivatelink.

Mode Indexed

Type BuiltIn

Preview True

Deprecated FALSE

Effect Default: Audit
Allowed: (Audit, Deny, Disabled)

Used RBAC Role none

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2021-04-21 13:28:46	add	a6abeaec-4d90-4a02-805f-6b26c4d3fbe9

Used in Initiatives none

JSON

{
  "properties": {
  "displayName": "[Preview]: Azure Key Vaults should use private link",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Azure Private Link lets you connect your virtual networks to Azure services without a public IP address at the source or destination. The Private Link platform handles the connectivity between the consumer and services over the Azure backbone network. By mapping private endpoints to key vault, you can reduce data leakage risks. Learn more about private links at: https://aka.ms/akvprivatelink.",
    "metadata": {
      "version": "1.0.0-preview",
      "category": "Key Vault",
      "preview": true
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.KeyVault/vaults"
          },
          {
            "count": {
            "field": "Microsoft.KeyVault/vaults/privateEndpointConnections[*]",
              "where": {
              "field": "Microsoft.KeyVault/vaults/privateEndpointConnections[*].privateLinkServiceConnectionState.status",
                "equals": "Approved"
              }
            },
            "less": 1
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/a6abeaec-4d90-4a02-805f-6b26c4d3fbe9",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "a6abeaec-4d90-4a02-805f-6b26c4d3fbe9"
}