-
Notifications
You must be signed in to change notification settings - Fork 518
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update Policy Library for Azure China (automated) (#2)
Co-authored-by: github-actions <action@github.com>
- Loading branch information
1 parent
4a4045b
commit 37c7775
Showing
114 changed files
with
19,170 additions
and
476 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,155 +0,0 @@ | ||
| { | ||
| name: 'Deny-AppGW-Without-WAF' | ||
| definitionID: '${varTargetManagementGroupResourceID}/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGW-Without-WAF' | ||
| libDefinition: json(loadTextContent('./lib/policy_assignments/policy_assignment_es_deny_appgw_without_waf.tmpl.json')) | ||
| } | ||
| { | ||
| name: 'Enforce-AKS-HTTPS' | ||
| definitionID: '/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d' | ||
| libDefinition: json(loadTextContent('./lib/policy_assignments/policy_assignment_es_deny_http_ingress_aks.tmpl.json')) | ||
| } | ||
| { | ||
| name: 'Deny-IP-Forwarding' | ||
| definitionID: '/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900' | ||
| libDefinition: json(loadTextContent('./lib/policy_assignments/policy_assignment_es_deny_ip_forwarding.tmpl.json')) | ||
| } | ||
| { | ||
| name: 'Deny-Priv-Containers-AKS' | ||
| definitionID: '/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4' | ||
| libDefinition: json(loadTextContent('./lib/policy_assignments/policy_assignment_es_deny_priv_containers_aks.tmpl.json')) | ||
| } | ||
| { | ||
| name: 'Deny-Priv-Escalation-AKS' | ||
| definitionID: '/providers/Microsoft.Authorization/policyDefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99' | ||
| libDefinition: json(loadTextContent('./lib/policy_assignments/policy_assignment_es_deny_priv_escalation_aks.tmpl.json')) | ||
| } | ||
| { | ||
| name: 'Deny-Public-Endpoints' | ||
| definitionID: '${varTargetManagementGroupResourceID}/providers/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints' | ||
| libDefinition: json(loadTextContent('./lib/policy_assignments/policy_assignment_es_deny_public_endpoints.tmpl.json')) | ||
| } | ||
| { | ||
| name: 'Deny-Public-IP' | ||
| definitionID: '${varTargetManagementGroupResourceID}/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicIP' | ||
| libDefinition: json(loadTextContent('./lib/policy_assignments/policy_assignment_es_deny_public_ip.tmpl.json')) | ||
| } | ||
| { | ||
| name: 'Deny-RDP-From-Internet' | ||
| definitionID: '${varTargetManagementGroupResourceID}/providers/Microsoft.Authorization/policyDefinitions/Deny-RDP-From-Internet' | ||
| libDefinition: json(loadTextContent('./lib/policy_assignments/policy_assignment_es_deny_rdp_from_internet.tmpl.json')) | ||
| } | ||
| { | ||
| name: 'Deny-Resource-Locations' | ||
| definitionID: '/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c' | ||
| libDefinition: json(loadTextContent('./lib/policy_assignments/policy_assignment_es_deny_resource_locations.tmpl.json')) | ||
| } | ||
| { | ||
| name: 'Deny-Resource-Types' | ||
| definitionID: '/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749' | ||
| libDefinition: json(loadTextContent('./lib/policy_assignments/policy_assignment_es_deny_resource_types.tmpl.json')) | ||
| } | ||
| { | ||
| name: 'Deny-RSG-Locations' | ||
| definitionID: '/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988' | ||
| libDefinition: json(loadTextContent('./lib/policy_assignments/policy_assignment_es_deny_rsg_locations.tmpl.json')) | ||
| } | ||
| { | ||
| name: 'Deny-Storage-http' | ||
| definitionID: '/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9' | ||
| libDefinition: json(loadTextContent('./lib/policy_assignments/policy_assignment_es_deny_storage_http.tmpl.json')) | ||
| } | ||
| { | ||
| name: 'Deny-Subnet-Without-Nsg' | ||
| definitionID: '${varTargetManagementGroupResourceID}/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg' | ||
| libDefinition: json(loadTextContent('./lib/policy_assignments/policy_assignment_es_deny_subnet_without_nsg.tmpl.json')) | ||
| } | ||
| { | ||
| name: 'Deny-Subnet-Without-Udr' | ||
| definitionID: '${varTargetManagementGroupResourceID}/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr' | ||
| libDefinition: json(loadTextContent('./lib/policy_assignments/policy_assignment_es_deny_subnet_without_udr.tmpl.json')) | ||
| } | ||
| { | ||
| name: 'Deploy-AKS-Policy' | ||
| definitionID: '/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7' | ||
| libDefinition: json(loadTextContent('./lib/policy_assignments/policy_assignment_es_deploy_aks_policy.tmpl.json')) | ||
| } | ||
| { | ||
| name: 'Deploy-ASC-Monitoring' | ||
| definitionID: '/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8' | ||
| libDefinition: json(loadTextContent('./lib/policy_assignments/policy_assignment_es_deploy_asc_monitoring.tmpl.json')) | ||
| } | ||
| { | ||
| name: 'Deploy-ASCDF-Config' | ||
| definitionID: '${varTargetManagementGroupResourceID}/providers/Microsoft.Authorization/policySetDefinitions/Deploy-ASCDF-Config' | ||
| libDefinition: json(loadTextContent('./lib/policy_assignments/policy_assignment_es_deploy_ascdf_config.tmpl.json')) | ||
| } | ||
| { | ||
| name: 'Deploy-AzActivity-Log' | ||
| definitionID: '/providers/Microsoft.Authorization/policyDefinitions/2465583e-4e78-4c15-b6be-a36cbc7c8b0f' | ||
| libDefinition: json(loadTextContent('./lib/policy_assignments/policy_assignment_es_deploy_azactivity_log.tmpl.json')) | ||
| } | ||
| { | ||
| name: 'Deploy-Log-Analytics' | ||
| definitionID: '/providers/Microsoft.Authorization/policyDefinitions/8e3e61b3-0b32-22d5-4edf-55f87fdb5955' | ||
| libDefinition: json(loadTextContent('./lib/policy_assignments/policy_assignment_es_deploy_log_analytics.tmpl.json')) | ||
| } | ||
| { | ||
| name: 'Deploy-LX-Arc-Monitoring' | ||
| definitionID: '/providers/Microsoft.Authorization/policyDefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf' | ||
| libDefinition: json(loadTextContent('./lib/policy_assignments/policy_assignment_es_deploy_lx_arc_monitoring.tmpl.json')) | ||
| } | ||
| { | ||
| name: 'Deploy-Private-DNS-Zones' | ||
| definitionID: '${varTargetManagementGroupResourceID}/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones' | ||
| libDefinition: json(loadTextContent('./lib/policy_assignments/policy_assignment_es_deploy_private_dns_zones.tmpl.json')) | ||
| } | ||
| { | ||
| name: 'Deploy-Resource-Diag' | ||
| definitionID: '${varTargetManagementGroupResourceID}/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Diagnostics-LogAnalytics' | ||
| libDefinition: json(loadTextContent('./lib/policy_assignments/policy_assignment_es_deploy_resource_diag.tmpl.json')) | ||
| } | ||
| { | ||
| name: 'Deploy-SQL-DB-Auditing' | ||
| definitionID: '/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9' | ||
| libDefinition: json(loadTextContent('./lib/policy_assignments/policy_assignment_es_deploy_sql_db_auditing.tmpl.json')) | ||
| } | ||
| { | ||
| name: 'Deploy-SQL-Security' | ||
| definitionID: '/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f' | ||
| libDefinition: json(loadTextContent('./lib/policy_assignments/policy_assignment_es_deploy_sql_security.tmpl.json')) | ||
| } | ||
| { | ||
| name: 'Deploy-SQL-Threat' | ||
| definitionID: '/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5' | ||
| libDefinition: json(loadTextContent('./lib/policy_assignments/policy_assignment_es_deploy_sql_threat.tmpl.json')) | ||
| } | ||
| { | ||
| name: 'Deploy-VM-Backup' | ||
| definitionID: '/providers/Microsoft.Authorization/policyDefinitions/98d0b9f8-fd90-49c9-88e2-d3baf3b0dd86' | ||
| libDefinition: json(loadTextContent('./lib/policy_assignments/policy_assignment_es_deploy_vm_backup.tmpl.json')) | ||
| } | ||
| { | ||
| name: 'Deploy-VM-Monitoring' | ||
| definitionID: '/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a' | ||
| libDefinition: json(loadTextContent('./lib/policy_assignments/policy_assignment_es_deploy_vm_monitoring.tmpl.json')) | ||
| } | ||
| { | ||
| name: 'Deploy-VMSS-Monitoring' | ||
| definitionID: '/providers/Microsoft.Authorization/policySetDefinitions/75714362-cae7-409e-9b99-a8e5075b7fad' | ||
| libDefinition: json(loadTextContent('./lib/policy_assignments/policy_assignment_es_deploy_vmss_monitoring.tmpl.json')) | ||
| } | ||
| { | ||
| name: 'Deploy-WS-Arc-Monitoring' | ||
| definitionID: '/providers/Microsoft.Authorization/policyDefinitions/69af7d4a-7b18-4044-93a9-2651498ef203' | ||
| libDefinition: json(loadTextContent('./lib/policy_assignments/policy_assignment_es_deploy_ws_arc_monitoring.tmpl.json')) | ||
| } | ||
| { | ||
| name: 'Enable-DDoS-VNET' | ||
| definitionID: '/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d' | ||
| libDefinition: json(loadTextContent('./lib/policy_assignments/policy_assignment_es_enable_ddos_vnet.tmpl.json')) | ||
| } | ||
| { | ||
| name: 'Enforce-TLS-SSL' | ||
| definitionID: '${varTargetManagementGroupResourceID}/providers/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit' | ||
| libDefinition: json(loadTextContent('./lib/policy_assignments/policy_assignment_es_enforce_tls_ssl.tmpl.json')) | ||
| } | ||
Oops, something went wrong.