Azure Policy to deny creation of Network Interfaces without NSG attached
Hey I am looking to assign Azure Policy which will deny creation of Network Interfaces without NSG attached.
I looked with build-in role and couldn't find anything related. Maybe someone have script that does the job.
Thanks for your help in advance.
I tried to create the azure policy to deny creation of network interface without NSG
I have created the policy definition named network
In the policy rule write the below json script to create the policy rules to deny the virtual network without NSG rules I took the example reference from git URL @withstu
{
"name": "Deny-Subnet-Without-Nsg",
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2022-11-22",
"scope": null,
"properties": {
"policyType": "Custom",
"mode": "All",
"displayName": "Subnets should have a Network Security Group",
"description": " policy will deny the creation of a network/subnet with out an NSG.",
"metadata": {
"version": "1.1.0",
"category": "Network"
},
"parameters": {
"effect": {
"type": "String",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"defaultValue": "Deny",
"metadata": {
"displayName": "Effect",
"description": " disable the execution of the policy"
}
},
"excludedSubnets": {
"type": "Array",
"metadata": {
"displayName": "Excluded Subnets",
"description": "subnets excluded from this policy"
},
"defaultValue": [
"GatewaySubnet",
"AzureFirewallSubnet",
"AzureFirewallManagementSubnet"
]
}
},
"policyRule": {
"if": {
"anyOf": [
{
"allOf": [
{
"equals": "Microsoft.Network/virtualNetworks",
"field": "type"
},
{
"exists": "false",
"field": "Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id"
}
]
},
{
"allOf": [
{
"equals": "Microsoft.Network/virtualNetworks/subnets",
"field": "type"
},
{
"field": "name",
"notIn": "[parameters('excludedSubnets')]"
},
{
"exists": "false",
"field": "Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id"
}
]
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
}
}
}
I have assigned the policy to the policy definition
In left side of the menu click on Assignment => click on assign policy and added the appropriate fields to create
After assigning the polices it will take 30 minutes to reflect
I am trying to creating the virtual network , I got the error because of deny subnet without NSG
- Flatten and filter multi-dimension JSON with JQ
- Panic while deserializing JSON data
- How to convert an XML string to a dictionary?
- JSON syntax error: 'unexpected number' or 'JSON.parse: expected ',' or '}' after property value in object'
- Have Jackson default to string if object not detected
- How to get the number of elements in a JSON array?
- PostgreSQL - Json data - Inserting into Target Table through Trigger
- Restful FedEx Trade Document Upload API - Can't upload signature or letterhead images
- Powershell update object property value not as expect
- request body is empty in backend while using fetch on express
- How to convert a Map to a List of keys
- C# serialize json to class
- How to extract images from a string in PHP?
- Nested Json to pandas DataFrame with specific format
- Flattening multi nested json into a pandas dataframe
- get title from JSON
- How to implement custom indentation when pretty-printing with the JSON module?
- Deserialize Map<Enum<?>, Object> in Java with Jackson library
- Convert bash array to JSON and write to file
- Refused to execute script, strict MIME type checking is enabled?
- jQuery ajaxForm returning .json file
- .NET API Update Includes ID
- .NET 8 (isolated worker model) PUT/POST methods have null body
- How to deserialize a Map with custom value type in serde?
- cannot use operator[] with a string argument with array (parsing json)
- How to use `json` in Rocket?
- I'm trying to convert data from csv to json . My csv input is split by (;) is there an easy way to do so?
- How can I respond to a POST request containing JSON data with Rocket?
- Manipulate Result type with JSON as content
- Jolt Replacing substring within a string