Azure 策略应拒绝允许端口22的任何网络安全规则
我试图创建一个策略,该策略拒绝允许端口22的NSG规则。预期结果是azure拒绝任何允许端口22的NSG安全规则。这是我到目前为止所拥有的,但在测试时,它仍然允许我创建它Azure 策略应拒绝允许端口22的任何网络安全规则,azure,azure-policy,Azure,Azure Policy,我试图创建一个策略,该策略拒绝允许端口22的NSG规则。预期结果是azure拒绝任何允许端口22的NSG安全规则。这是我到目前为止所拥有的,但在测试时,它仍然允许我创建它 { "policyRule": { "if": { "anyOf": [ { "allOf": [ { "field"
{
"policyRule": {
"if": {
"anyOf": [
{
"allOf": [
{
"field": "type",
"equals": "Microsoft.Network/networkSecurityGroups/securityRules"
},
{
"allOf": [
{
"field": "Microsoft.Network/networkSecurityGroups/securityRules/direction",
"equals": "Inbound"
},
{
"field": "Microsoft.Network/networkSecurityGroups/securityRules/access",
"equals": "Allow"
},
{
"field": "Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges",
"contains": "22"
}
]
}
]
},
{
"allOf": [
{
"field": "type",
"equals": "Microsoft.Network/networkSecurityGroups"
},
{
"allOf": [
{
"field": "Microsoft.Network/networkSecurityGroups/securityRules[*].direction",
"equals": "Inbound"
},
{
"field": "Microsoft.Network/networkSecurityGroups/securityRules[*].access",
"equals": "Allow"
},
{
"field": "Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange",
"contains": "22"
}
]
}
]
}
]
},
"then": {
"effect": "deny"
}
}
}