-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
4c84d8c
commit fb319d2
Showing
6 changed files
with
124 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,21 @@ | ||
| { | ||
| "extend_es_landing_zones": { | ||
| "policy_assignments": ["Deny-Resource-Locations", "SOC2Type2", "ISO27001_2013"], | ||
| "policy_definitions": [], | ||
| "policy_set_definitions": [], | ||
| "role_definitions": [], | ||
| "archetype_config": { | ||
| "parameters": { | ||
| "Deny-Resource-Locations": { | ||
| "listOfAllowedLocations": ["westeurope"] | ||
| }, | ||
| "SOC2Type2": { | ||
| "allowedContainerImagesRegex-febd0533-8e55-448f-b837-bd0e06f16469": "^[^\\/]+\\.azurecr\\.io\\/.+$", | ||
| "cpuLimit-e345eecc-fa47-480f-9e88-67dcc122b164": "200m", | ||
| "memoryLimit-e345eecc-fa47-480f-9e88-67dcc122b164": "1Gi" | ||
| } | ||
| }, | ||
| "access_control": {} | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| { | ||
| "extend_es_root": { | ||
| "policy_assignments": ["SOC2Type2", "ISO27001_2013"], | ||
| "policy_definitions": [], | ||
| "policy_set_definitions": [], | ||
| "role_definitions": [], | ||
| "archetype_config": { | ||
| "parameters": { | ||
| "SOC2Type2": { | ||
| "allowedContainerImagesRegex-febd0533-8e55-448f-b837-bd0e06f16469": "^[^\\/]+\\.azurecr\\.io\\/.+$", | ||
| "cpuLimit-e345eecc-fa47-480f-9e88-67dcc122b164": "200m", | ||
| "memoryLimit-e345eecc-fa47-480f-9e88-67dcc122b164": "1Gi" | ||
| } | ||
| }, | ||
| "access_control": { | ||
| } | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| { | ||
| "name": "ISO27001_2013", | ||
| "type": "Microsoft.Authorization/policyAssignments", | ||
| "apiVersion": "2021-06-01", | ||
| "properties": { | ||
| "description": "The International Organization for Standardization (ISO) 27001 standard provides requirements for establishing, implementing, maintaining, and continuously improving an Information Security Management System (ISMS). These policies address a subset of ISO 27001:2013 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/iso27001-init", | ||
| "displayName": "ISO 27001:2013", | ||
| "notScopes": [], | ||
| "parameters": {}, | ||
| "policyDefinitionId": "/providers/Microsoft.Authorization/policySetDefinitions/89c6cddc-1c73-4ac1-b19c-54d1a15a42f2", | ||
| "scope": "${current_scope_resource_id}", | ||
| "enforcementMode": null | ||
| }, | ||
| "location": "${default_location}", | ||
| "identity": { | ||
| "type": "SystemAssigned" | ||
| } | ||
| } |
24 changes: 24 additions & 0 deletions
24
lib/policy_assignments/policy_assignment_nist_sp_800_53_rev_5.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| { | ||
| "name": "NIST-SP-800-53-Rev5", | ||
| "type": "Microsoft.Authorization/policyAssignments", | ||
| "apiVersion": "2019-09-01", | ||
| "properties": { | ||
| "description": "This initiative includes policies that address a subset of NIST SP 800-53 Rev. 5 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/nist800-53r5-initiative.", | ||
| "displayName": "NIST SP 800-53 Rev. 5", | ||
| "notScopes": [], | ||
| "parameters": { | ||
| }, | ||
| "policyDefinitionId": "/providers/Microsoft.Authorization/policySetDefinitions/179d1daa-458f-4e47-8086-2a68d0d6c38f", | ||
| "nonComplianceMessages": [ | ||
| { | ||
| "message": "NIST SP 800-53 Rev. 5 controls {enforcementMode} be enforced" | ||
| } | ||
| ], | ||
| "scope": "${current_scope_resource_id}", | ||
| "enforcementMode": null | ||
| }, | ||
| "location": "${default_location}", | ||
| "identity": { | ||
| "type": "SystemAssigned" | ||
| } | ||
| } |
18 changes: 18 additions & 0 deletions
18
lib/policy_assignments/policy_assignment_soc2type2 copy.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| { | ||
| "name": "SOC2Type2", | ||
| "type": "Microsoft.Authorization/policyAssignments", | ||
| "apiVersion": "2021-06-01", | ||
| "properties": { | ||
| "description": "A System and Organization Controls (SOC) 2 is a report based on the Trust Service Principles and Criteria established by the American Institute of Certified Public Accountants (AICPA). The Report evaluates an organization's information system relevant to the following principles: security, availability, processing integrity, confidentiality and privacy. These policies address a subset of SOC 2 Type 2 controls. For more information, visit https://docs.microsoft.com/azure/compliance/offerings/offering-soc-2", | ||
| "displayName": "SOC 2 Type 2", | ||
| "notScopes": [], | ||
| "parameters": {}, | ||
| "policyDefinitionId": "/providers/Microsoft.Authorization/policySetDefinitions/4054785f-702b-4a98-9215-009cbd58b141", | ||
| "scope": "${current_scope_resource_id}", | ||
| "enforcementMode": null | ||
| }, | ||
| "location": "${default_location}", | ||
| "identity": { | ||
| "type": "SystemAssigned" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| { | ||
| "name": "8753b9c9-07db-4073-98fb-4a7ab1e2ffe5", | ||
| "type": "Microsoft.Authorization/roleDefinitions", | ||
| "apiVersion": "2018-01-01-preview", | ||
| "properties": { | ||
| "roleName": "Reader-Support-Tickets", | ||
| "description": "View everything in the subscription and also open support tickets.", | ||
| "type": "customRole", | ||
| "permissions": [ | ||
| { | ||
| "actions": [ | ||
| "*/read", | ||
| "Microsoft.Support/*" | ||
| ], | ||
| "notActions": [], | ||
| "dataActions": [], | ||
| "notDataActions": [] | ||
| } | ||
| ], | ||
| "assignableScopes": [ | ||
| "${current_scope_resource_id}" | ||
| ] | ||
| } | ||
| } |