last sync: 2023-Jun-19 17:45:01 UTC

Community Policy definition

Deploy NSG Flow Logs to Target Region

Name Deploy NSG Flow Logs to Target Region
Community-Policy GitHub
Id network_deploy-nsg-flow-logs
Version n/a
Category undefined
Microsoft docs
Description This Policy will deploy NSG Flow Logs for a target region. You'll need to do a unique assignment of this Policy for each region you wish to enable NSG Flow Logs in. NSG Flow Logs require that the Storage Account used for logging be in the same region as the NSG you're enabling Flow Logs on.
Mode All
Type Custom Community
Effect Fixed: deployIfNotExists
Used RBAC Role
Role Name | Role Id
Contributor | b24988ac-6180-42a0-ab88-20f7382dd24c
Rule Aliases THEN-ExistenceCondition (3)
Alias | Namespace | ResourceType | DefaultPath | Modifiable
Microsoft.Network/networkWatchers/flowLogs/enabled | Microsoft.Network | networkWatchers/flowLogs | properties.enabled | false
Microsoft.Network/networkWatchers/flowLogs/storageId | Microsoft.Network | networkWatchers/flowLogs | properties.storageId | false
Microsoft.Network/networkWatchers/flowLogs/targetResourceId | Microsoft.Network | networkWatchers/flowLogs | properties.targetResourceId | false
Rule ResourceTypes IF (1)
Microsoft.Network/networkSecurityGroups
THEN-Deployment (1)
Microsoft.Network/networkWatchers/flowLogs