SandraKinseyslkinsey-8969 asked SwathiDhanwada-MSFT answered

Azure Synapse Custom Policy error - 'details' property could not be parsed

Hello,

I would like to deploy a custom Azure Policy which removes the firewall rules on Azure Synapse if they exist. The purpose of this policy is to prevent public network access and restrict use of the Synapse workspace to private endpoints only.

My approach was to create a Modify effect to remove the firewall rules' Start IP address and End IP address; however, when I try to save my policy, I receive the following error:

85464-image.png



Are these aliases modifiable?

The built-in policy, "IP firewall rules on Azure Synapse workspaces should be removed", is nice; however, I would like an effect other than "Audit."

Here is my policy rule:


   "policyRule": {
     "if": {
       "allOf": [
         {
           "field": "type",
           "equals": "Microsoft.Synapse/workspaces/firewallrules"
         },
         {
           "field": "name",
           "exists": "true"
         }
       ]
     },
     "then": {
       "effect": "[parameters('effect')]",
       "details": {
         "conflictEffect": "audit",
         "roleDefinitionIds": [
           "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
         ],
         "operations": [
           {
             "operation": "remove",
             "field": "Microsoft.Synapse/workspaces/firewallRules/endIpAddress",
             "value": "255.255.255.255"
           },
           {
             "operation": "remove",
             "field": "Microsoft.Synapse/workspaces/firewallRules/startIpAddress",
             "value": "0.0.0.0"
           }
         ]
       }
     }
   }


Thank you


@SandraKinseyslkinsey-8969 Did you get a chance to check my previous comment? Kindly revert if you have further questions.

@SandraKinseyslkinsey-8969 Hope the information provided is useful. Kindly revert if you need further assistance.


1 Answer

SwathiDhanwada-MSFT answered

@SandraKinseyslkinsey-8969 Welcome to Microsoft Q & A Community Forum. Currently only a few aliases are supported for modifying the properties using the "Modify" effect, and firewall rules is not one of them. To get the list of aliases that can be used with the "Modify" effect, you can use the PowerShell command below.

 Get-AzPolicyAlias | Select-Object -ExpandProperty 'Aliases' | Where-Object { $_.DefaultMetadata.Attributes -eq 'Modifiable' }
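A pre-flight check built on the command in the answer, as an added example that is not part of the original thread: it pulls the `field` values out of the question's `operations` array and reports whether each alias carries the `Modifiable` attribute before the policy definition is saved. The helper name `Test-ModifyAlias` is hypothetical, and the script assumes the Az.Resources module with an authenticated session (`Connect-AzAccount`).

```powershell
# Added example; assumes Az.Resources is installed and Connect-AzAccount has been run.

# The "details" operations from the policy rule in the question.
$details = @'
{
  "operations": [
    { "operation": "remove",
      "field": "Microsoft.Synapse/workspaces/firewallRules/endIpAddress",
      "value": "255.255.255.255" },
    { "operation": "remove",
      "field": "Microsoft.Synapse/workspaces/firewallRules/startIpAddress",
      "value": "0.0.0.0" }
  ]
}
'@ | ConvertFrom-Json

function Test-ModifyAlias {
    # Hypothetical helper: reports, per alias, whether a Modify effect may target it.
    param([Parameter(Mandatory)] [string[]] $Field)

    # The resource provider namespace is the first path segment of an alias.
    $namespaces = $Field | ForEach-Object { ($_ -split '/')[0] } | Sort-Object -Unique

    # Fetch each namespace's aliases once instead of listing every provider.
    $aliases = foreach ($ns in $namespaces) {
        Get-AzPolicyAlias -NamespaceMatch $ns | Select-Object -ExpandProperty Aliases
    }

    foreach ($f in $Field) {
        # -eq is case-insensitive, so differences in alias casing do not matter.
        $hit = $aliases | Where-Object { $_.Name -eq $f } | Select-Object -First 1
        [pscustomobject]@{
            Field      = $f
            AliasFound = [bool]$hit
            Modifiable = [bool]($hit -and $hit.DefaultMetadata.Attributes -eq 'Modifiable')
        }
    }
}

$result = Test-ModifyAlias -Field $details.operations.field
$result | Format-Table -AutoSize

# Any alias listed here cannot be used in a Modify operation.
$blocked = $result | Where-Object { -not $_.Modifiable }
if ($blocked) {
    Write-Warning "Not usable with Modify: $($blocked.Field -join ', ')"
}
```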