last sync: 2021-Jul-23 16:37:57 UTC

Azure Policy definition

Configure Azure File Sync with private endpoints

Name Configure Azure File Sync with private endpoints
Id b35dddd9-daf7-423b-8375-5a5b86806d5a
Version 1.0.0
Category Storage
Description A private endpoint is deployed for the indicated Storage Sync Service resource. This enables you to address your Storage Sync Service resource from within the private IP address space of your organization's network, rather than through the internet-accessible public endpoint. The existence of one or more private endpoints does not, by itself, disable the public endpoint.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: DeployIfNotExists
Allowed: (DeployIfNotExists, Disabled)
Used RBAC Role
Role Name Role Id
Contributor b24988ac-6180-42a0-ab88-20f7382dd24c
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-03-02 15:11:40 add b35dddd9-daf7-423b-8375-5a5b86806d5a
Used in Initiatives none
JSON
{
  "properties": {
    "displayName": "Configure Azure File Sync with private endpoints",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "A private endpoint is deployed for the indicated Storage Sync Service resource. This enables you to address your Storage Sync Service resource from within the private IP address space of your organization's network, rather than through the internet-accessible public endpoint. The existence of one or more private endpoints by themselves does not disable the public endpoint.",
    "metadata": {
      "version": "1.0.0",
      "category": "Storage"
    },
    "parameters": {
      "privateEndpointSubnetId": {
        "type": "String",
        "metadata": {
          "displayName": "privateEndpointSubnetId",
          "description": "A subnet with private endpoint network policies disabled.",
          "strongType": "Microsoft.Network/virtualNetworks/subnets"
        }
      },
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "DeployIfNotExists",
          "Disabled"
        ],
        "defaultValue": "DeployIfNotExists"
      }
    },
    "policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.StorageSync/storageSyncServices"
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.StorageSync/storageSyncServices/privateEndpointConnections",
          "existenceCondition": {
            "field": "Microsoft.StorageSync/storageSyncServices/privateEndpointConnections/privateLinkServiceConnectionState.status",
            "equals": "Approved"
          },
          "roleDefinitionIds": [
            "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
          ],
          "deployment": {
            "properties": {
              "mode": "incremental",
              "parameters": {
                "name": {
                "value": "[field('name')]"
                },
                "serviceId": {
                "value": "[field('id')]"
                },
                "privateEndpointSubnetId": {
                "value": "[parameters('privateEndpointSubnetId')]"
                }
              },
              "template": {
                "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
                "contentVersion": "1.0.0.0",
                "parameters": {
                  "name": {
                    "type": "string"
                  },
                  "serviceId": {
                    "type": "string"
                  },
                  "privateEndpointSubnetId": {
                    "type": "string"
                  }
                },
                "variables": {
                "privateEndpointName": "[concat('pe-',substring(parameters('name'),0,min(length(parameters('name')),50)),'-',uniquestring(deployment().name))]"
                },
                "resources": [
                  {
                    "type": "Microsoft.Resources/deployments",
                  "name": "[variables('privateEndpointName')]",
                    "apiVersion": "2020-06-01",
                    "properties": {
                      "mode": "Incremental",
                      "expressionEvaluationOptions": {
                        "scope": "inner"
                      },
                      "template": {
                        "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
                        "contentVersion": "1.0.0.0",
                        "parameters": {
                          "serviceId": {
                            "type": "string"
                          },
                          "privateEndpointSubnetId": {
                            "type": "string"
                          },
                          "subnetLocation": {
                            "type": "string"
                          }
                        },
                        "variables": {
                        "privateEndpointName": "[deployment().name]"
                        },
                        "resources": [
                          {
                          "name": "[variables('privateEndpointName')]",
                            "type": "Microsoft.Network/privateEndpoints",
                            "apiVersion": "2020-07-01",
                          "location": "[parameters('subnetLocation')]",
                            "tags": {
                              
                            },
                            "properties": {
                              "subnet": {
                              "id": "[parameters('privateEndpointSubnetId')]"
                              },
                              "privateLinkServiceConnections": [
                                {
                                "name": "[variables('privateEndpointName')]",
                                  "properties": {
                                  "privateLinkServiceId": "[parameters('serviceId')]",
                                    "groupIds": [
                                      "afs"
                                    ],
                                    "requestMessage": "autoapprove"
                                  }
                                }
                              ],
                              "manualPrivateLinkServiceConnections": [
                                
                              ]
                            }
                          }
                        ]
                      },
                      "parameters": {
                        "serviceId": {
                        "value": "[parameters('serviceId')]"
                        },
                        "privateEndpointSubnetId": {
                        "value": "[parameters('privateEndpointSubnetId')]"
                        },
                        "subnetLocation": {
                        "value": "[reference(first(take(split(parameters('privateEndpointSubnetId'),'/subnets'),1)),'2020-07-01','Full').location]"
                        }
                      }
                    }
                  }
                ]
              }
            }
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/b35dddd9-daf7-423b-8375-5a5b86806d5a",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "b35dddd9-daf7-423b-8375-5a5b86806d5a"
}