last sync: 2020-Aug-05 13:05:28 UTC

Azure Policy Initiative

Enable Azure Cosmos DB throughput policy

Initiative DisplayName Enable Azure Cosmos DB throughput policy
Initiative Id cb5e1e90-7c33-491c-a15b-24885c915752
Initiative Category Cosmos DB
Initiative Description Enable throughput control for Azure Cosmos DB resources in the specified scope (Management group, Subscription or resource group). Takes max throughput as parameter. Use this policy to help enforce throughput control via the resource provider.
Initiative Type BuiltIn
Initiative Changes
Date/Time (UTC ymd) (i) Change(s)
2020-05-29 15:39:26 add Initiative cb5e1e90-7c33-491c-a15b-24885c915752
Initiative Policies count Total Policies: 2
Builtin Policies: 2/2
Static Policies: 0/2
Initiative Policies
Policy DisplayName Policy Id
Azure Cosmos DB key based metadata write access should be disabled 4750c32b-89c0-46af-bfcb-2e4541a818d5
Azure Cosmos DB throughput should be limited 0b7ef78e-a035-4f23-b9bd-aff122a1b1cf
Initiative Rule
{
  "properties": {
    "displayName": "Enable Azure Cosmos DB throughput policy",
    "policyType": "BuiltIn",
    "description": "Enable throughput control for Azure Cosmos DB resources in the specified scope (Management group, Subscription or resource group). Takes max throughput as parameter. Use this policy to help enforce throughput control via the resource provider.",
    "metadata": {
      "version": "1.0.0",
      "category": "Cosmos DB"
    },
    "parameters": {
      "throughputMax": {
        "type": "Integer",
        "metadata": {
          "displayName": "Max RUs",
          "description": "The maximum throughput (RU/s) that can be assigned to a container via the Resource Provider during create or update."
        }
      },
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Policy Effect",
          "description": "The desired effect of the throughput limit policy. The key based metadata write access policy is always enforced."
        },
        "allowedValues": [
          "audit",
          "deny",
          "disabled"
        ],
        "defaultValue": "deny"
      }
    },
    "policyDefinitions": [
      {
        "policyDefinitionReferenceId": "Cosmos_MaxThroughput_Deny",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0b7ef78e-a035-4f23-b9bd-aff122a1b1cf",
        "parameters": {
          "throughputMax": {
          "value": "[parameters('throughputMax')]"
          },
          "effect": {
          "value": "[parameters('effect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "Cosmos_DisableMetadata_Append",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5"
      }
    ]
  },
  "id": "/providers/Microsoft.Authorization/policySetDefinitions/cb5e1e90-7c33-491c-a15b-24885c915752",
  "type": "Microsoft.Authorization/policySetDefinitions",
  "name": "cb5e1e90-7c33-491c-a15b-24885c915752"
}