AzInitiativeAdvertizer

last sync: 2021-Jul-08 14:19:52 UTC

Azure Policy Initiative

Enable Azure Cosmos DB throughput policy

Name Enable Azure Cosmos DB throughput policy
Azure Portal

Id cb5e1e90-7c33-491c-a15b-24885c915752

Version 1.0.0
details on versioning

Category Cosmos DB
Microsoft docs

Description Enable throughput control for Azure Cosmos DB resources in the specified scope (Management group, Subscription or resource group). Takes max throughput as parameter. Use this policy to help enforce throughput control via the resource provider.

Type BuiltIn

Deprecated False

Preview False

History

Date/Time (UTC ymd) (i)	Changes
2020-05-29 15:39:26	add Initiative cb5e1e90-7c33-491c-a15b-24885c915752

Policy count Total Policies: 2
Builtin Policies: 2
Static Policies: 0

Policy used

Policy DisplayName	Policy Id	Category	Effect	State
Azure Cosmos DB key based metadata write access should be disabled	4750c32b-89c0-46af-bfcb-2e4541a818d5	Cosmos DB	Fixed: append	GA
Azure Cosmos DB throughput should be limited	0b7ef78e-a035-4f23-b9bd-aff122a1b1cf	Cosmos DB	Default: deny Allowed: (audit, deny, disabled)	GA

JSON

{
  "properties": {
    "displayName": "Enable Azure Cosmos DB throughput policy",
    "policyType": "BuiltIn",
    "description": "Enable throughput control for Azure Cosmos DB resources in the specified scope (Management group, Subscription or resource group). Takes max throughput as parameter. Use this policy to help enforce throughput control via the resource provider.",
    "metadata": {
      "version": "1.0.0",
      "category": "Cosmos DB"
    },
    "parameters": {
      "throughputMax": {
        "type": "Integer",
        "metadata": {
          "displayName": "Max RUs",
          "description": "The maximum throughput (RU/s) that can be assigned to a container via the Resource Provider during create or update."
        }
      },
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Policy Effect",
          "description": "The desired effect of the throughput limit policy. The key based metadata write access policy is always enforced."
        },
        "allowedValues": [
          "audit",
          "deny",
          "disabled"
        ],
        "defaultValue": "deny"
      }
    },
    "policyDefinitions": [
      {
        "policyDefinitionReferenceId": "Cosmos_MaxThroughput_Deny",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0b7ef78e-a035-4f23-b9bd-aff122a1b1cf",
        "parameters": {
          "throughputMax": {
          "value": "[parameters('throughputMax')]"
          },
          "effect": {
          "value": "[parameters('effect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "Cosmos_DisableMetadata_Append",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5"
      }
    ]
  },
  "id": "/providers/Microsoft.Authorization/policySetDefinitions/cb5e1e90-7c33-491c-a15b-24885c915752",
  "type": "Microsoft.Authorization/policySetDefinitions",
  "name": "cb5e1e90-7c33-491c-a15b-24885c915752"
}