AzPolicyAdvertizer

last sync: 2023-Jun-19 17:45:01 UTC

Community Policy definition

Storage Account - Firewall Settings DENY

Name

Storage Account - Firewall Settings DENY
Community-Policy GitHub

storage-account-firewall-settings-deny

Version

1.0.0
details on versioning

Category

Storage Account
Microsoft docs

Description

This Azure Policy denies the deployment of an Azure Storage Account when the 'Allow access from' setting is not set to 'Selected networks' and when the Firewall does contain any IP addresses outside of the approved ones.

Mode

All

Type

Custom Community

Effect

Default
Deny
Allowed

Used RBAC Role

none

Rule Aliases

IF (2)

Alias	Namespace	ResourceType	DefaultPath	Modifiable
Microsoft.Storage/storageAccounts/networkAcls.defaultAction	Microsoft.Storage	storageAccounts	properties.networkAcls.defaultAction	true
Microsoft.Storage/storageAccounts/networkAcls.ipRules[*].value	Microsoft.Storage	storageAccounts	properties.networkAcls.ipRules[*].value	true

Rule ResourceTypes

IF (1)
Microsoft.Storage/storageAccounts

JSON