Share via

How do I govern subresources in ResourceProviders?

Gregory Suvalian 186 Reputation points
2020-05-18T13:55:21.097+00:00

There is AuditIfNotExists policy like below 

"policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.DBforPostgreSQL/servers"
      },
      "then": {
        "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.DBforPostgreSQL/servers/configurations",
          "name": "log_checkpoints",
          "existenceCondition": {
            "field": "Microsoft.DBforPostgreSQL/servers/configurations/value",
            "equals": "ON"
          }
        }
      }
    }
  },

How do I makes sure that log_checkpoints is always ON and nobody can deploy resource with this value being OFF or change existing resource from ON to OFF?

Azure Policy
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
Answer accepted by question author
  1. Kenieva-MSFT 161 Reputation points Microsoft Employee Moderator
    2020-05-19T01:24:55.017+00:00

    Unfortunately, we do not support "deny" for data plane level resources at the moment. I would suggest adding this to our UserVoice. Thanks.

    1 person found this answer helpful.
    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.