jesseloudon/312bdf8cac18fbf4196b1604d2573bb1
Created June 26, 2020 08:08
Define a variable list containing the display names of existing built-in policy definitions that you want to include in a policyset.
```hcl
variable "security_policyset_definitions" {
  # Each entry must match the display name of an existing built-in policy definition.
  type        = list(string)
  description = "List of policy definitions (display names) for the security_governance policyset"
  default = [
    "Internet-facing virtual machines should be protected with network security groups",
    "Subnets should be associated with a Network Security Group",
    "Gateway subnets should not be configured with a network security group",
    "Storage accounts should restrict network access",
    "Secure transfer to storage accounts should be enabled",
    "Access through Internet facing endpoint should be restricted",
    "Storage accounts should allow access from trusted Microsoft services",
    "RDP access from the Internet should be blocked",
    "SSH access from the Internet should be blocked",
    "Disk encryption should be applied on virtual machines",
    "Automation account variables should be encrypted",
    "Azure subscriptions should have a log profile for Activity Log",
    "Email notification to subscription owner for high severity alerts should be enabled",
    "A security contact email address should be provided for your subscription",
    "Enable Azure Security Center on your subscription"
  ]
}
```
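One way to consume this variable, as an added example that is not part of the original gist: each display name is resolved to a built-in definition ID with the azurerm provider's `azurerm_policy_definition` data source, and the results are grouped into a policyset. The resource labels, the policyset `name` and `display_name`, and the output name are assumptions, and a configured azurerm provider is assumed.

```hcl
# Added example (not from the original gist).
# Resolve every display name in the list to its built-in policy definition.
# A name that matches no definition fails at plan time, so a renamed or
# retired built-in policy is caught before anything is deployed.
data "azurerm_policy_definition" "security" {
  count        = length(var.security_policyset_definitions)
  display_name = var.security_policyset_definitions[count.index]
}

# Group the resolved definitions into one custom policyset.
# "security_governance" is taken from the variable's description; the
# display_name and description values here are assumed.
resource "azurerm_policy_set_definition" "security_governance" {
  name         = "security_governance"
  policy_type  = "Custom"
  display_name = "Security Governance"
  description  = "Built-in security policies selected by display name"

  # One reference block per resolved definition.
  dynamic "policy_definition_reference" {
    for_each = data.azurerm_policy_definition.security
    content {
      policy_definition_id = policy_definition_reference.value.id
    }
  }
}

# Map of display name => resolved definition ID, so a reviewer can confirm in
# the plan output that each name resolved to the intended built-in policy.
output "security_policyset_resolved_ids" {
  value = zipmap(
    var.security_policyset_definitions,
    data.azurerm_policy_definition.security[*].id
  )
}
```

Display names are a convenience key rather than a stable identifier, so review the resolved IDs in the plan whenever the list or the provider version changes.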