AzPolicyAdvertizer

last sync: 2023-Jun-19 17:45:01 UTC

Community Policy definition

Address space must be pre-allocated for region

Name

Address space must be pre-allocated for region
Community-Policy GitHub

network_address-space-should-be-pre-allocated-for-region

Version

0.0.1-preview
details on versioning

Category

Network (Custom)
Microsoft docs

Description

This policy ensures that the address space allocated to a VNET has been pre-allocated for use within Azure, preventing peerings being utilised as an attack vector for null-routing traffic on the platform.

Mode

Indexed

Type

Custom Community

Effect

Default
Deny
Allowed
Deny, Audit, Disabled

Used RBAC Role

none

Rule Aliases

IF (2)

Alias	Namespace	ResourceType	DefaultPath	Modifiable
Microsoft.Network/virtualNetworks/addressSpace	Microsoft.Network	virtualNetworks	properties.addressSpace	false
Microsoft.Network/virtualNetworks/virtualNetworkPeerings[*]	Microsoft.Network	virtualNetworks	properties.VirtualNetworkPeerings[*]	false

Rule ResourceTypes

IF (1)
Microsoft.Network/virtualNetworks

JSON