Route Table "FirewallDefaultRoute" not working with "Indexed" Azure Policies
Hi,
Probably there is an issue regarding the "AzureFirewallManagementSubnet" in combination with "indexed" Azure Custom Policies.
Currently I am using an Azure Policy Definition with the mode indexed. Indexed means "only evaluate resource types that support tags and location". Surprisingly, the policy reports a resource with a GUID of the resource type microsoft.network/routetables in the Azure Compliance. If I want to analyze the resource in detail in the Azure Compliance Center, the message "Resource not found" appears. If I am using Azure CLI there is the following output:
{
  "disableBgpRoutePropagation": true,
  "etag": "W/\"7c7f5191-f945-4e69-ad54-d13a2ea813be\"",
  "id": "/subscriptions/2c3b3c57-d1ac-4fee-b76a-594051275804/resourceGroups/rg-example-vnethub-we-prod/providers/Microsoft.Network/routeTables/5cde1dd7-7e4f-49d9-a762-dad457c2bbf3",
  "location": null,
  "name": "5cde1dd7-7e4f-49d9-a762-dad457c2bbf3",
  "provisioningState": "Succeeded",
  "resourceGroup": "rg-example-test-we-prod",
  "resourceGuid": "2d4804eb-1ac4-44ca-b264-fde226f7152f",
  "routes": [
    {
      "addressPrefix": "0.0.0.0/0",
      "etag": "W/\"6c7f5190-f945-4d69-ad54-d13a2ef813be\"",
      "hasBgpOverride": false,
      "id": "/subscriptions/39cfca0b-9e00-4f51-9289-9ab3fa21f0dd/resourceGroups/rg-example-test-we-prod/providers/Microsoft.Network/routeTables/5cde1dd7-7e4f-49d9-a762-dad457c2bbf3/routes/FirewallDefaultRoute",
      "name": "FirewallDefaultRoute",
      "nextHopIpAddress": null,
      "nextHopType": "Internet",
      "provisioningState": "Succeeded",
      "resourceGroup": "rg-example-test-we-prod",
      "type": "Microsoft.Network/routeTables/routes"
    }
  ],
  "subnets": null,
  "tags": null,
  "type": "Microsoft.Network/routeTables"
},
Why is the resource reported as non-compliant, if "location": null, and mode is indexed in the Azure Policy? Could you please double-check this special type of Route Table for the FirewallDefaultRoute on Azure and provide me feedback? Thx!
Best,
Stefan