AzPolicyAdvertizer

last sync: 2024-Jul-26 18:17:39 UTC

Configure CosmosDB accounts with private endpoints

Azure BuiltIn Policy definition

Source

Azure Portal

Display name

Configure CosmosDB accounts with private endpoints

b609e813-3156-4079-91fa-a8494c1471c4

Version

1.0.0
Details on versioning

Category

Cosmos DB
Microsoft Learn

Description

Private endpoints connect your virtual network to Azure services without a public IP address at the source or destination. By mapping private endpoints to your CosmosDB account, you can reduce data leakage risks. Learn more about private links at: https://docs.microsoft.com/azure/cosmos-db/how-to-configure-private-endpoints.

Mode

Indexed

Type

BuiltIn

Preview

False

Deprecated

False

Effect

Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled

RBAC role(s)

Role Name	Role Id
Contributor	b24988ac-6180-42a0-ab88-20f7382dd24c
DocumentDB Account Contributor	5bd9cd88-fe45-4216-938b-f97437e15450

Rule aliases

THEN-ExistenceCondition (1)

Alias	Namespace	ResourceType	Path	PathIsDefault	DefaultPath	Modifiable
Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections/privateLinkServiceConnectionState.status	Microsoft.DocumentDB	databaseAccounts/privateEndpointConnections	properties.privateLinkServiceConnectionState.status	True		False

Rule resource types

IF (1)
Microsoft.DocumentDB/databaseAccounts
THEN-Deployment (2)
Microsoft.Network/privateEndpoints
Microsoft.Resources/deployments

Compliance

Not a Compliance control

Initiatives usage

none

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2021-03-09 14:37:41	add	b609e813-3156-4079-91fa-a8494c1471c4

JSON compare

n/a

JSON

api-version=2021-06-01
EPAC