Create Namespaces_PublicNetworkAccess_AuditDeny.json

Azure · Oct 23, 2023 · 714391b · 714391b
1 parent 9577fd5
commit 714391b
Showing 1 changed file with 47 additions and 0 deletions.
diff --git a/built-in-policies/policyDefinitions/Event Grid/Namespaces_PublicNetworkAccess_AuditDeny.json b/built-in-policies/policyDefinitions/Event Grid/Namespaces_PublicNetworkAccess_AuditDeny.json
@@ -0,0 +1,47 @@
+{
+  "properties": {
+    "displayName": "Azure Event Grid namespaces should disable public network access",
+    "description": "Disabling public network access improves security by ensuring that the resource isn't exposed on the public internet. You can limit exposure of your resources by creating private endpoints instead. Learn more at: https://aka.ms/aeg-ns-privateendpoints.",
+    "metadata": {
+      "version": "1.0.0",
+      "category": "Event Grid"
+    },
+    "version": "1.0.0",
+    "policyType": "BuiltIn",
+    "mode": "Indexed",
+    "parameters": {
+      "effect": {
+        "type": "String",
+        "metadata": {
+          "displayName": "Effect",
+          "description": "Enable or disable the execution of the policy"
+        },
+        "allowedValues": [
+          "Audit",
+          "Deny",
+          "Disabled"
+        ],
+        "defaultValue": "Audit"
+      }
+    },
+    "policyRule": {
+      "if": {
+        "allOf": [
+          {
+            "field": "type",
+            "equals": "Microsoft.EventGrid/namespaces"
+          },
+          {
+            "field": "Microsoft.EventGrid/namespaces/publicNetworkAccess",
+            "notEquals": "Disabled"
+          }
+        ]
+      },
+      "then": {
+        "effect": "[parameters('effect')]"
+      }
+    }
+  },
+  "id": "/providers/Microsoft.Authorization/policyDefinitions/161acee8-4a5a-431e-9c54-f9d68a2d55cf",
+  "name": "161acee8-4a5a-431e-9c54-f9d68a2d55cf"
+}