question

artisticcheese avatar image
0 Votes"
artisticcheese asked tbgangav-MSFT commented

How do I govern subresources in ResourceProviders?

There is AuditIfNotExists policy like below


 "policyRule": {
       "if": {
         "field": "type",
         "equals": "Microsoft.DBforPostgreSQL/servers"
       },
       "then": {
         "effect": "[parameters('effect')]",
         "details": {
           "type": "Microsoft.DBforPostgreSQL/servers/configurations",
           "name": "log_checkpoints",
           "existenceCondition": {
             "field": "Microsoft.DBforPostgreSQL/servers/configurations/value",
             "equals": "ON"
           }
         }
       }
     }
   },

How do I makes sure that log_checkpoints is always ON and nobody can deploy resource with this value being OFF or change existing resource from ON to OFF?



azure-policy
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Similar question is raised here. Sharing this information for the benefit of broader audience.


0 Votes 0 ·

1 Answer

KenievaMSFT-5537 avatar image
1 Vote"
KenievaMSFT-5537 answered

Unfortunately, we do not support "deny" for data plane level resources at the moment. I would suggest adding this to our UserVoice. Thanks.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.