Created
November 29, 2021 08:23
-
-
Save ehrnst/1830759c5c252f8e16446e626a9e971c to your computer and use it in GitHub Desktop.
Postgres Azure policy for geo replication with tag override
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"properties": { | |
"displayName": "PostgreSQL should have Geo replication enabled", | |
"policyType": "Custom", | |
"mode": "Indexed", | |
"description": "This policy checks wheter Geo replication is enabled or not. You can exclude the database from the policy by adding 'noGeo' : 'true' as tag and value", | |
"metadata": { | |
"category": "SQL", | |
"createdBy": "75e5f040-6c35-4bc7-baef-eae05fc48acb", | |
"createdOn": "2021-03-22T12:10:49.814614Z", | |
"updatedBy": null, | |
"updatedOn": null | |
}, | |
"parameters": { | |
"effect": { | |
"type": "String", | |
"metadata": { | |
"displayName": "Effect", | |
"description": "Enable or disable the execution of the policy" | |
}, | |
"allowedValues": [ | |
"Audit", | |
"Deny", | |
"Disabled" | |
], | |
"defaultValue": "Audit" | |
} | |
}, | |
"policyRule": { | |
"if": { | |
"allOf": [ | |
{ | |
"field": "type", | |
"equals": "Microsoft.DBforPostgreSQL/servers" | |
}, | |
{ | |
"field": "Microsoft.DBforPostgreSQL/servers/replicationRole", | |
"equals": "None" | |
}, | |
{ | |
"field": "[concat('tags[', 'noGeo', ']')]", | |
"notEquals": "true" | |
} | |
] | |
}, | |
"then": { | |
"effect": "[parameters('effect')]" | |
} | |
} | |
}, | |
"id": "/subscriptions//providers/Microsoft.Authorization/policyDefinitions/e2a95e10-761d-4cd2-8e61-eefb5681d7d7", | |
"type": "Microsoft.Authorization/policyDefinitions", | |
"name": "e2a95e10-761d-4cd2-8e61-eefb5681d7d7" | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment