last sync: 2021-Jul-23 16:37:57 UTC

Azure Policy definition

Container registries should have SKUs that support Private Links

Name: Container registries should have SKUs that support Private Links
Id: bd560fc0-3c69-498a-ae9f-aa8eb7de0e13
Version: 1.0.0
Category: Container Registry
Description: Azure Private Link lets you connect your virtual network to Azure services without a public IP address at the source or destination. The private link platform handles the connectivity between the consumer and services over the Azure backbone network. By mapping private endpoints to your container registries instead of the entire service, data leakage risks are reduced. Learn more at: https://aka.ms/acr/private-link.
Mode: Indexed
Type: BuiltIn
Preview: FALSE
Deprecated: FALSE
Effect: Default: Audit; Allowed: (Audit, Deny, Disabled)
Used RBAC Role: none
History
Date/Time (UTC ymd) | Change type | Change detail
2021-03-16 16:49:20 | add | bd560fc0-3c69-498a-ae9f-aa8eb7de0e13
Used in Initiatives: none
JSON
{
  "properties": {
    "displayName": "Container registries should have SKUs that support Private Links",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Azure Private Link lets you connect your virtual network to Azure services without a public IP address at the source or destination. The private link platform handles the connectivity between the consumer and services over the Azure backbone network. By mapping private endpoints to your container registries instead of the entire service, data leakage risks are reduced. Learn more at: https://aka.ms/acr/private-link.",
    "metadata": {
      "version": "1.0.0",
      "category": "Container Registry"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.ContainerRegistry/registries"
          },
          {
            "field": "Microsoft.ContainerRegistry/registries/sku.name",
            "notEquals": "Premium"
          }
        ]
      },
      "then": {
        "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/bd560fc0-3c69-498a-ae9f-aa8eb7de0e13",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "bd560fc0-3c69-498a-ae9f-aa8eb7de0e13"
}