last sync: 2023-Jun-19 17:45:01 UTC

Community Policy definition

Storage Accounts firewall IP rules may only contain IPs from a list of approved IPs

Name: Storage Accounts firewall IP rules may only contain IPs from a list of approved IPs
Id: storage_deny-storage-account-firewall-ip-rules-may-only-contain-ips-from-a-list-of-approved-ips
Version: n/a
Category: undefined
Description: Storage Account firewalls can have IP rules. Typically we don't want to allow users to add any IP or range to the firewall, but instead, as is more typical, we want only corporate public IP space to be allowed within the firewall. This Policy can detect if an IP or range of IPs being added to the firewall on a storage account is within a list of IPs that you pass into this Policy.
Mode: Indexed
Type: Custom Community
Effect:
  Default: Audit
  Allowed: Audit, Deny, Disabled
Used RBAC Role: none
Rule Aliases IF (1):
  Alias: Microsoft.Storage/storageAccounts/networkAcls.ipRules[*]
  Namespace: Microsoft.Storage
  ResourceType: storageAccounts
  DefaultPath: properties.networkAcls.ipRules[*]
  Modifiable: true
Rule ResourceTypes IF (1):
  Microsoft.Storage/storageAccounts
JSON