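# This file was auto generated
# NOTE(review): the header above says this file is generated; presumably the
# same changes have to be made in the generator's input or they will be lost
# on the next regeneration - confirm before relying on an edit here.
#
# Custom Azure Policy definition "Deny-Redis-http".
# Matches Azure Cache for Redis resources and, with the default "Deny" effect,
# rejects a cache that either exposes the non-SSL (plain-text) port or is
# configured with a minimum TLS version below the one selected through the
# "minimumTlsVersion" parameter. The effect is parameterized so the same
# definition can be assigned as Audit, Deny or Disabled.
resource "azurerm_policy_definition" "deny_redis_http" {
  name         = "Deny-Redis-http"
  policy_type  = "Custom"
  mode         = "All"
  display_name = "Azure Cache for Redis only secure connections should be enabled"
  description  = "Audit enabling of only connections via SSL to Azure Cache for Redis. Validate both minimum TLS version and enableNonSslPort is disabled. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking"
  metadata = <<METADATA
{
  "version": "1.0.0",
  "category": "Cache"
}
METADATA
  # The definition is created in the management group supplied by the caller.
  management_group_name = var.management_group_name
  # The rule first pins the resource type, then fires when ANY of the
  # following holds:
  #   - the non-SSL port is enabled (unencrypted client traffic possible);
  #   - minimumTlsVersion is not set on the resource (kept from the original
  #     rule, where "notequals" also matched an absent field);
  #   - minimumTlsVersion is lower than the selected parameter.
  # "less" is used rather than "notequals" so that a cache configured with a
  # STRONGER TLS version than the parameter (e.g. 1.2 when 1.1 is selected)
  # is not denied; the original comparison rejected anything that was not
  # exactly equal to the parameter.
  policy_rule = <<POLICYRULE
{
  "if": {
    "allOf": [
      {
        "field": "type",
        "equals": "Microsoft.Cache/redis"
      },
      {
        "anyOf": [
          {
            "field": "Microsoft.Cache/Redis/enableNonSslPort",
            "equals": "true"
          },
          {
            "field": "Microsoft.Cache/Redis/minimumTlsVersion",
            "exists": "false"
          },
          {
            "field": "Microsoft.Cache/Redis/minimumTlsVersion",
            "less": "[parameters('minimumTlsVersion')]"
          }
        ]
      }
    ]
  },
  "then": {
    "effect": "[parameters('effect')]"
  }
}
POLICYRULE
  # Assignment-time parameters. "effect" defaults to the strictest option
  # (Deny). "minimumTlsVersion" defaults to 1.2; the lower values are still
  # offered for compatibility, but selecting 1.0 or 1.1 weakens the control
  # to deprecated protocol versions.
  parameters = <<PARAMETERS
{
  "effect": {
    "type": "String",
    "defaultValue": "Deny",
    "allowedValues": [
      "Audit",
      "Deny",
      "Disabled"
    ],
    "metadata": {
      "displayName": "Effect",
      "description": "The effect determines what happens when the policy rule is evaluated to match"
    }
  },
  "minimumTlsVersion": {
    "type": "String",
    "defaultValue": "1.2",
    "allowedValues": [
      "1.2",
      "1.1",
      "1.0"
    ],
    "metadata": {
      "displayName": "Select minimum TLS version for Azure Cache for Redis.",
      "description": "Select minimum TLS version for Azure Cache for Redis."
    }
  }
}
PARAMETERS
}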
# Exposes the whole policy definition resource (id, name, etc.) so that the
# calling module can reference it - presumably when creating the matching
# policy assignment; verify against the caller.
output "policydefinition_deny_redis_http" {
  value = azurerm_policy_definition.deny_redis_http
}