Share via

Azure Synapse Custom Policy error - 'details' property could not be parsed

Sandra Barnett [Kinsey] 1 Reputation point
2021-04-07T21:15:57.933+00:00

Hello,

I would like to deploy a custom azure policy which removes the firewall rules on Azure Synapse if they exist. The purpose of this policy is to prevent public network access and restrict use of the Synapse workspace to private endpoints only.

My approach was to create a Modify affect to remove the firewall rules Start IP address and End IP address, however when I try to save my policy, I receive the following error:

85464-image.png

Are these aliases modifiable?

The built-in policy, "IP firewall rules on Azure Synapse workspaces should be removed" is nice, however I would like an effect other than "Audit."

Here is my policy rule: 

  "policyRule": {  
    "if": {  
      "allOf": [  
          {  
                "field": "type",  
                "equals": "Microsoft.Synapse/workspaces/firewallrules"  
          },  
          {  
                "field": "name",  
                "exists": "true"  
          }  
      ]  
    },  
    "then": {  
      "effect": "[parameters('effect')]",  
      "details": {  
        "conflictEffect": "audit",  
        "roleDefinitionIds": [  
          "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"  
        ],  
        "operations": [  
            {  
              "operation": "remove",  
              "field": "Microsoft.Synapse/workspaces/firewallRules/endIpAddress",  
              "value": "255.255.255.255"  
                
            },  
            {  
              "operation": "remove",  
              "field":"Microsoft.Synapse/workspaces/firewallRules/startIpAddress",  
              "value": "0.0.0.0"  
                
            }  
        ]  
      }  
    }  
  }

Thank you

Azure Synapse Analytics
Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.
5,295 questions
Azure Policy
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
988 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. SwathiDhanwada-MSFT 18,911 Reputation points
    2021-04-09T13:43:24.1+00:00

    @Sandra Barnett [Kinsey] Welcome to Microsoft Q & A Community Forum. Currently only few aliases are supported for modifying the properties using "Modify" effect and firewall rules is not one of them. To get the list of aliases that can be used with "Modify" effect, you can use below PowerShell command. 

    Get-AzPolicyAlias | Select-Object -ExpandProperty 'Aliases' | Where-Object { $_.DefaultMetadata.Attributes -eq 'Modifiable' }
    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.