azurepolicy | This repository contains sample Azure Policy | Azure library
kandi X-RAY | azurepolicy Summary
This repository contains sample Azure Policy I shared on my blog. Feel free to submit a PR if you see any issues or potential updates.
Community Discussions
Trending Discussions on azurepolicy
QUESTION
I was following this tutorial to set up AKS with Application Gateway Ingress Controller.
I am wondering what is the equivalent of this Azure CLI Command using Bicep Templates?
...ANSWER
Answered 2022-Mar-28 at 21:01
You can use this template as a starter: https://github.com/Azure/azure-quickstart-templates/blob/91da267dce8691485d916f7315a3fe6ffcee21aa/quickstarts/microsoft.network/aks-application-gateway-ingress-controller/azuredeploy.json#L1797
It's ARM, but you can easily transform it to Bicep, something like:
QUESTION
I am deploying a regular deployment in Azure AKS and I want to use Key Vault to store my secrets to get access to a database.
This is my deployment file:
...ANSWER
Answered 2021-Sep-18 at 18:01
I would like to know if, when I create a new AKS cluster with the option "System-assigned managed identity" enabled, a new "Managed Identity" is automatically created?
I am asking this because I am not using any other "Managed Identity" but the one that I created manually.
These are the steps followed:
Create a new "Managed Identity"
In "Managed Identity" - "Access Control (IAM)" or "Azure role assignments" I don't have permissions to add any role, so I left it as default.
Create the "Key vault" and add a couple of "Secrets".
In "Key Vault" - "Access Policy" add a new access policy for the "Managed Identity" created and also a new access policy for the agent pool "SonarQubeCluster-agentpool"
When I check "AKSclusterName" -> "Properties" -> and click on "MC_xx_AKSclusterName_southcentralus", it seems that I do not have permissions, as I get this message: "You do not have authorization to access this resource."
In case it helps to understand the issue a little bit, I attached the logs from:
az aks show -g RG -n SonarQubeCluster
QUESTION
I want to deploy an AKS cluster with User Assigned Identity. I have created the User assigned managed Identity before the cluster creation and pass this as a parameter. However, when I use the same in the ARM template, below is the observation:
- If the 'Identity' is 'SystemAssigned' -> The deployment will be successful.
- If the 'Identity' is 'UserAssigned' and I provide the Resource ID for UserAssignedIdentity, the deployment fails telling that the 'servicePrincipalProfile' is not provided.
- If the 'Identity' is 'UserAssigned' and 'servicePrincipalProfile' is provided -> Deployment is successful, but when I query the cluster for its Identity, the UserAssignedIdentity details are blank.
ARM Template reference: https://docs.microsoft.com/en-us/azure/templates/microsoft.containerservice/managedclusters#ManagedClusterServicePrincipalProfile
Template part that I am updating:
...ANSWER
Answered 2021-Jan-05 at 10:14
As far as I can tell that is correct (almost), but you cannot use parameters for property names in ARM templates, so you'd have to pre-render the template.
QUESTION
I am trying to create a policy for Azure CIS, and getting the following error when I attempt to deploy it via PowerShell on the management group level. I'm trying to figure out what is missing, as it says invalid template.
It looks like the error is related to something to do with the scope, but not sure what exactly is going on:
...ANSWER
Answered 2020-Oct-20 at 06:30
You are deploying the ARM template to a management group, but you are referencing the ARM template subscription() function. The subscription() function is only valid when deploying to a subscription or resource group. When deploying to a management group then there is no subscription that could be referenced.
To resolve this you need to deploy this policy to a subscription, not to a management group.
QUESTION
We were trying to implement a policy in Azure to restrict role based assignment. We referenced the below GitHub policy, but during testing we observed it's not evaluating the roledefinitionIds defined in the parameter.
Tested with below roleIDs parameter -
b24988ac-6180-42a0-ab88-20f7382dd24c (Contributor Role)
acdd72a7-3385-48ef-bd42-f606fba81ae7 (Reader Role)
Ideally, it should whitelist the role IDs defined in the parameter, and deny the role assignment for other role IDs. But for some reason, during evaluation Azure policy service is not taking into account those role IDs defined in the parameter and instead restricting role based assignment for all the roles. Need help in troubleshooting this.
...ANSWER
Answered 2020-Jul-24 at 00:46
You may input an invalid id. A valid Role definition id looks like:
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported