From d536f7978c30069aa6ce213a22a6edcd845e077a Mon Sep 17 00:00:00 2001
From: withstu
Date: Thu, 15 Jul 2021 14:42:43 +0200
Subject: [PATCH] allow subnets without nsg on Firewall, Bastion and Gateway
---
 ..._definition_es_deny_subnet_without_nsg.json | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_subnet_without_nsg.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_subnet_without_nsg.json
index d10647258..c582ef905 100644
--- a/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_subnet_without_nsg.json
+++ b/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_subnet_without_nsg.json
@@ -34,6 +34,22 @@
 "field": "type",
 "equals": "Microsoft.Network/virtualNetworks/subnets"
 },
+ {
+ "field": "name",
+ "notEquals": "AzureFirewallSubnet"
+ },
+ {
+ "field": "name",
+ "notEquals": "AzureFirewallManagementSubnet"
+ },
+ {
+ "field": "name",
+ "notEquals": "AzureBastionSubnet"
+ },
+ {
+ "field": "name",
+ "notEquals": "GatewaySubnet"
+ },
 {
 "field": "Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id",
 "exists": "false"
@@ -45,4 +61,4 @@
 }
 }
 }
-}
\ No newline at end of file
+}
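Review bot: The `AzureBastionSubnet` exclusion among the added `notEquals` conditions looks broader than the platform requires. As far as I know Azure Bastion supports an NSG on its subnet, unlike `GatewaySubnet` and the firewall subnets, so this lets a Bastion subnet be created with no NSG and no deny. Consider dropping that entry or pairing it with an audit policy. The exemption is also keyed on `name` alone, so it applies to any subnet carrying one of these names whether or not the service is actually deployed there. As a style point, the four conditions could be one, `{ "field": "name", "notIn": ["AzureFirewallSubnet", "AzureFirewallManagementSubnet", "GatewaySubnet"] }`, which keeps the exempt list in a single place. The enclosing rule starts outside the hunk, so its interaction with any other branches is not visible here.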