用于诊断设置的 Azure 自动化帐户策略
Azure Automation Account policy for Diagnostic Settings
我正在尝试在此处创建一个 Azure Policy 以在未为自动化帐户设置诊断设置时进行审核。
我找不到验证自动化帐户是否保存它的字段。
目前,我注意到了这一点,设置似乎在这里:
微软.Insights/diagnosticSettings
我的诊断设置可用:
/subscriptions/SUBSCRIPTIONID/resourcegroups/RESOURCEGROUP/providers/microsoft.automation/automationaccounts/AUTOMATIONACC/providers/microsoft.insights/diagnosticSettings/DIAGSETTINGNAME
但是我如何使用该信息来制定检查资源是否合规的策略?
您是否在寻找以下策略,在这里您可以在参数中传递自动化帐户(资源类型)。您可以找到 built-in 政策列表 here。
请按照此link查看 Azure 门户上的策略定义。
{
"properties": {
"displayName": "Audit diagnostic setting",
"policyType": "BuiltIn",
"mode": "All",
"description": "Audit diagnostic setting for selected resource types",
"metadata": {
"version": "1.0.0",
"category": "Monitoring"
},
"parameters": {
"listOfResourceTypes": {
"type": "Array",
"metadata": {
"displayName": "Resource Types",
"strongType": "resourceTypes"
}
}
},
"policyRule": {
"if": {
"field": "type",
"in": "[parameters('listOfResourceTypes')]"
},
"then": {
"effect": "AuditIfNotExists",
"details": {
"type": "Microsoft.Insights/diagnosticSettings",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/diagnosticSettings/logs.enabled",
"equals": "true"
},
{
"field": "Microsoft.Insights/diagnosticSettings/metrics.enabled",
"equals": "true"
}
]
}
}
}
}
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9",
"type": "Microsoft.Authorization/policyDefinitions",
"name": "7f89b1eb-583c-429a-8828-af049802c1d9"
}
我正在尝试在此处创建一个 Azure Policy 以在未为自动化帐户设置诊断设置时进行审核。
我找不到验证自动化帐户是否保存它的字段。
目前,我注意到了这一点,设置似乎在这里: 微软.Insights/diagnosticSettings
我的诊断设置可用: /subscriptions/SUBSCRIPTIONID/resourcegroups/RESOURCEGROUP/providers/microsoft.automation/automationaccounts/AUTOMATIONACC/providers/microsoft.insights/diagnosticSettings/DIAGSETTINGNAME
但是我如何使用该信息来制定检查资源是否合规的策略?
您是否在寻找以下策略,在这里您可以在参数中传递自动化帐户(资源类型)。您可以找到 built-in 政策列表 here。
请按照此link查看 Azure 门户上的策略定义。
{
"properties": {
"displayName": "Audit diagnostic setting",
"policyType": "BuiltIn",
"mode": "All",
"description": "Audit diagnostic setting for selected resource types",
"metadata": {
"version": "1.0.0",
"category": "Monitoring"
},
"parameters": {
"listOfResourceTypes": {
"type": "Array",
"metadata": {
"displayName": "Resource Types",
"strongType": "resourceTypes"
}
}
},
"policyRule": {
"if": {
"field": "type",
"in": "[parameters('listOfResourceTypes')]"
},
"then": {
"effect": "AuditIfNotExists",
"details": {
"type": "Microsoft.Insights/diagnosticSettings",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/diagnosticSettings/logs.enabled",
"equals": "true"
},
{
"field": "Microsoft.Insights/diagnosticSettings/metrics.enabled",
"equals": "true"
}
]
}
}
}
}
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9",
"type": "Microsoft.Authorization/policyDefinitions",
"name": "7f89b1eb-583c-429a-8828-af049802c1d9"
}