PSRule.Rules.Azure

[RULE] Disable public access for Data Explorer Clusters

Open BernieWhite opened this issue 1 year ago • 0 comments

Existing rule

No response

Suggested rule

Disable network access from public sources. Instead, use private endpoints, which provide private access from a VNET.

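// Parameters referenced by the resource below.
param name string
param location string = resourceGroup().location

resource adx 'Microsoft.Kusto/clusters@2023-08-15' = {
  name: name
  location: location
  sku: {
    name: 'Standard_D11_v2'
    tier: 'Standard'
  }
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    enableDiskEncryption: true
    // Block the public endpoint; the cluster is reached through private endpoints only.
    publicNetworkAccess: 'Disabled'
  }
}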

Pillar

Security

Additional context

Similar to: https://azure.github.io/PSRule.Rules.Azure/en/rules/Azure.Cosmos.PublicAccess/

  • https://learn.microsoft.com/en-us/azure/data-explorer/security-network-restrict-public-access
  • https://learn.microsoft.com/en-us/azure/well-architected/security/networking
  • https://learn.microsoft.com/en-gb/azure/templates/microsoft.kusto/clusters?pivots=deployment-language-bicep

BernieWhite, Oct 13 '24 23:10
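The check this issue asks for, sketched as an added example over a compiled ARM template (JSON); it is not PSRule's implementation and not code from the issue. The function names and the sample template are constructed here, and a missing `publicNetworkAccess` is treated as a failure on the assumption that the service default leaves public access enabled.

```python
import json

KUSTO_TYPE = "microsoft.kusto/clusters"

# Constructed sample: a compiled ARM template (JSON form of Bicep), not taken from the issue.
SAMPLE_TEMPLATE = json.loads("""
{"resources": [
  {"type": "Microsoft.Kusto/clusters", "name": "adx-private",
   "properties": {"enableDiskEncryption": true, "publicNetworkAccess": "Disabled"}},
  {"type": "Microsoft.Kusto/clusters", "name": "adx-default",
   "properties": {"enableDiskEncryption": true}},
  {"type": "Microsoft.Kusto/clusters", "name": "adx-param",
   "properties": {"publicNetworkAccess": "[parameters('publicAccess')]"}},
  {"type": "Microsoft.Resources/deployments", "name": "nested",
   "properties": {"template": {"resources": [
     {"type": "microsoft.kusto/clusters", "name": "adx-nested",
      "properties": {"publicNetworkAccess": "Enabled"}}]}}}
]}
""")

def iter_resources(resources):
    """Yield every resource, descending into child resources and nested deployments."""
    if isinstance(resources, dict):  # languageVersion 2.0 templates use a symbolic-name map
        resources = list(resources.values())
    for res in resources or []:
        yield res
        yield from iter_resources(res.get("resources"))
        nested = (res.get("properties") or {}).get("template") or {}
        yield from iter_resources(nested.get("resources"))

def check_kusto_public_access(template):
    """Return {cluster name: 'pass' | 'fail' | 'unresolved'} for each Kusto cluster."""
    results = {}
    for res in iter_resources(template.get("resources")):
        if str(res.get("type", "")).lower() != KUSTO_TYPE:
            continue
        value = (res.get("properties") or {}).get("publicNetworkAccess")
        if isinstance(value, str) and value.startswith("[") and not value.startswith("[["):
            results[res["name"]] = "unresolved"  # template expression; needs parameter values
        elif isinstance(value, str) and value.lower() == "disabled":
            results[res["name"]] = "pass"
        else:
            results[res["name"]] = "fail"  # missing or 'Enabled' (assumed default: enabled)
    return results

if __name__ == "__main__":
    for name, verdict in check_kusto_public_access(SAMPLE_TEMPLATE).items():
        print(f"{verdict:10} {name}")
```

The `unresolved` verdict marks clusters whose setting comes from a template expression, so the check has to be repeated with the deployment's actual parameter values before the cluster can be counted as compliant.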