How do I govern subresources in ResourceProviders?

Gregory Suvalian 186 Reputation points
2020-05-18T13:55:21.097+00:00

There is an AuditIfNotExists policy like the one below:

"policyRule": {
  "if": {
    "field": "type",
    "equals": "Microsoft.DBforPostgreSQL/servers"
  },
  "then": {
    "effect": "[parameters('effect')]",
    "details": {
      "type": "Microsoft.DBforPostgreSQL/servers/configurations",
      "name": "log_checkpoints",
      "existenceCondition": {
        "field": "Microsoft.DBforPostgreSQL/servers/configurations/value",
        "equals": "ON"
      }
    }
  }
}

How do I make sure that log_checkpoints is always ON and nobody can deploy a resource with this value being OFF or change an existing resource from ON to OFF?

Azure Policy

Accepted answer
  1. Kenieva-MSFT 161 Reputation points Microsoft Employee
    2020-05-19T01:24:55.017+00:00

    Unfortunately, we do not support "deny" for data plane level resources at the moment. I would suggest adding this to our UserVoice. Thanks.

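How the AuditIfNotExists rule quoted in the question decides compliance, as an added example that is not part of the original thread and is not Microsoft's policy engine. The inventory, the server names and the `related`/`value` layout are constructed assumptions; the evaluator only reports state after the fact, which is the audit-only behaviour the accepted answer leaves available.

```python
# Added illustration: a minimal evaluator for the rule shape in the question.
POLICY_RULE = {
    "if": {"field": "type", "equals": "Microsoft.DBforPostgreSQL/servers"},
    "then": {"effect": "AuditIfNotExists", "details": {
        "type": "Microsoft.DBforPostgreSQL/servers/configurations",
        "name": "log_checkpoints",
        "existenceCondition": {
            "field": "Microsoft.DBforPostgreSQL/servers/configurations/value",
            "equals": "ON"}}},
}
CFG = "Microsoft.DBforPostgreSQL/servers/configurations"
# Constructed inventory: each resource lists its related child resources.
INVENTORY = [
    {"type": "Microsoft.DBforPostgreSQL/servers", "name": "pg-prod",
     "related": [{"type": CFG, "name": "log_checkpoints", "value": "on"}]},
    {"type": "Microsoft.DBforPostgreSQL/servers", "name": "pg-dev",
     "related": [{"type": CFG, "name": "log_checkpoints", "value": "off"}]},
    {"type": "Microsoft.DBforPostgreSQL/servers", "name": "pg-bare",
     "related": [{"type": CFG, "name": "log_connections", "value": "on"}]},
    {"type": "Microsoft.Storage/storageAccounts", "name": "stlogs", "related": []},
]

def ieq(a, b):
    """Azure Policy 'equals' compares strings case-insensitively."""
    return str(a).lower() == str(b).lower()

def evaluate(rule, resource):
    """Return 'NotApplicable', 'Compliant' or 'NonCompliant' for one resource."""
    cond = rule["if"]
    if not ieq(resource.get(cond["field"], ""), cond["equals"]):
        return "NotApplicable"  # the 'if' block did not match this type
    details = rule["then"]["details"]
    exists = details["existenceCondition"]
    # Assumption: the alias's last path segment names the child's property.
    prop = exists["field"].rsplit("/", 1)[-1]
    for child in resource.get("related", []):
        if (ieq(child["type"], details["type"])
                and ieq(child["name"], details["name"])
                and ieq(child.get(prop, ""), exists["equals"])):
            return "Compliant"  # a matching child satisfies the condition
    return "NonCompliant"  # no such child exists, so the resource is flagged

def audit(rule, inventory):
    """Map each resource name to its compliance state."""
    return {r["name"]: evaluate(rule, r) for r in inventory}

if __name__ == "__main__":
    for name, state in audit(POLICY_RULE, INVENTORY).items():
        print(f"{name}: {state}")
```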