Enterprise-Scale icon indicating copy to clipboard operation
Enterprise-Scale copied to clipboard
verified publisher icon Azure

Cosmos DB Custom Policies

Open marvinbuss opened this issue 4 years ago • 3 comments

Overview/Summary

Replace this with a brief description of what this Pull Request fixes, changes, etc.

This PR fixes/adds/changes/removes

  1. Added Cosmos DB Custom Policies

As part of this Pull Request I have

  • [x] Checked for duplicate Pull Requests
  • [x] Associated it with relevant issues, for tracking and closure.
  • [x] Ensured my code/branch is up-to-date with the latest changes in the main branch
  • [x] Performed testing and provided evidence.
  • [ ] Updated relevant and associated documentation.
  • [ ] Updated the "What's New?" wiki page (located: /docs/wiki/whats-new.md)

marvinbuss avatar Aug 26 '21 12:08 marvinbuss

@jtracey93

Azure Cosmos DB

Policy Name Policy Area Description
Deny-Cosmos-DenyCosmosKeyBasedMetadataWriteAccess Authentication Deny key based metadata write access for Cosmos DB accounts.
Deny-Cosmos-Cors Network Isolation Denies CORS rules for Cosmos DB accounts.

marvinbuss avatar Aug 26 '21 12:08 marvinbuss

@krnese I would enforce the following on the Corp Management Group:

  1. Azure Cosmos DB should disable public network access (Definition ID: /providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a)

marvinbuss avatar Aug 26 '21 12:08 marvinbuss

@krnese I would enforce the following on the Corp Management Group:

  1. Azure Cosmos DB should disable public network access (Definition ID: /providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a)

This is already done according to your comment here: https://github.com/Azure/Enterprise-Scale/pull/660#issuecomment-885909897

marvinbuss avatar Aug 26 '21 12:08 marvinbuss

  • Closing as superseded by #1144

krowlandson avatar Nov 30 '22 14:11 krowlandson