Azure Policy - 检查 Blob 容器访问级别
Azure Policy - Check Blob container access level
我正在创建一个策略来检查 Azure 存储帐户中的 Blob 容器访问级别是否设置为 "Anonymous"。
这是我创建的策略。
{
"properties": {
"displayName": "check if Blob container access level is set to Anonymous",
"description": "check the container access level",
"mode": "all",
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Storage/storageAccounts/blobServices/containers"
},
{
"not": {
"field": "Microsoft.Storage/storageAccounts/containers/publicAccess",
"equals": "False"
}
}
]
},
"then": {
"effect": "Audit"
}
}
}
}
无法检测容器访问级别。
正如 issue 所说,存储团队将在 2020 年 6 月 30 日之前发布存储帐户的 public 访问权限设置。客户可以使用它来控制对所有容器的 public 访问权限存储帐户。
After it's released on storage, we will work with Azure Policy team to integrate the setting with Azure Policy so customers can us Azure Policy to audit and govern public access across storage accounts.
我们尽最大努力尽早发布上述特性和功能。
我正在创建一个策略来检查 Azure 存储帐户中的 Blob 容器访问级别是否设置为 "Anonymous"。
这是我创建的策略。
{
"properties": {
"displayName": "check if Blob container access level is set to Anonymous",
"description": "check the container access level",
"mode": "all",
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Storage/storageAccounts/blobServices/containers"
},
{
"not": {
"field": "Microsoft.Storage/storageAccounts/containers/publicAccess",
"equals": "False"
}
}
]
},
"then": {
"effect": "Audit"
}
}
}
}
无法检测容器访问级别。
正如 issue 所说,存储团队将在 2020 年 6 月 30 日之前发布存储帐户的 public 访问权限设置。客户可以使用它来控制对所有容器的 public 访问权限存储帐户。
After it's released on storage, we will work with Azure Policy team to integrate the setting with Azure Policy so customers can us Azure Policy to audit and govern public access across storage accounts.
我们尽最大努力尽早发布上述特性和功能。