Can you change a postgresql flexserver parameter using an Azure policy / remediation ?

Burket, Joseph 20 Reputation points
2024-04-01T21:01:22.3633333+00:00

I would like to use an Azure policy to audit connection throttling and change it from off to on (for security) across a large number of PostgreSQL flexible servers.

Azure Database for PostgreSQL

Accepted answer
  1. Oury Ba-MSFT 16,241 Reputation points Microsoft Employee
    2024-04-02T23:42:08.02+00:00

    @Burket, Joseph

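    Use the sample below as a starting point, and review it before assigning it. Three things need attention as posted: `details.name` and the existence condition reference `require_secure_transport`, while the deployment sets `connection_throttle.enable`, so compliance is evaluated against a different parameter than the one being changed and both should name the same setting; the resource `name` expression is missing the closing single quote after `connection_throttle.enable`, so the template expression will not parse until it is added; and the role definition ID `b24988ac-6180-42a0-ab88-20f7382dd24c` is the built-in Contributor role, which grants the policy's managed identity far more than a configuration change requires, so consider a narrower role scoped to the server configuration.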

    {

    "mode": "All",

    "policyRule": {

    "if": {
    
      "allOf": [
    
        {
    
          "field": "type",
    
          "equals": "Microsoft.DBforPostgreSQL/flexibleServers"
    
        }
    
      ]
    
    },
    
    "then": {
    
      "effect": "[parameters('effect')]",
    
      "details": {
    
        "type": "Microsoft.DBforPostgreSQL/flexibleServers/configurations",
    
        "name": "require_secure_transport",
    
        "existenceCondition": {
    
          "field": "Microsoft.DBforPostgreSQL/flexibleServers/configurations/value",
    
          "equals": "ON"
    
        },
    
        "roleDefinitionIds": [
    
          "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
    
        ],
    
        "deployment": {
    
          "properties": {
    
            "mode": "incremental",
    
            "template": {
    
              "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    
              "contentVersion": "1.0.0.0",
    
              "parameters": {
    
                "serverName": {
    
                  "type": "string"
    
                }
    
              },
    
              "variables": {},
    
              "resources": [
    
                {
    
                  "name": "[concat(parameters('serverName'), '/connection_throttle.enable)]",
    
                  "type": "Microsoft.DBforPostgreSQL/flexibleServers/configurations",
    
                  "apiVersion": "2022-01-20-preview",
    
                  "properties": {
    
                    "value": "ON",
    
                    "source": "user-override"
    
                  }
    
                }
    
              ]
    
            },
    
            "parameters": {
    
              "serverName": {
    
                "value": "[field('name')]"
    
              }
    
            }
    
          }
    
        }
    
      }
    
    }
    

    },

    "parameters": {

    "effect": {
    
      "type": "String",
    
      "metadata": {
    
        "displayName": "Effect",
    
        "description": "Enable or disable the execution of the policy"
    
      },
    
      "allowedValues": [
    
        "DeployIfNotExists",
    
        "Disabled"
    
      ],
    
      "defaultValue": "DeployIfNotExists"
    
    }
    

    }

    }

    Regards,

    Oury
