Storage

Filters

• Standard Value Filter (see Generic Filters)

  • Model: StorageAccount

• ARM Resource Filters (see Generic Filters)

  • Metric Filter - Filter on metrics from Azure Monitor - (see Storage Account Supported Metrics)

  • Tag Filter - Filter on tag presence and/or values

  • Marked-For-Op Filter - Filter on tag that indicates a scheduled operation for a resource

• firewall-rules Firewall Rules Filter

  Filter based on firewall rules. Rules can be specified as x.x.x.x-y.y.y.y or x.x.x.x or x.x.x.x/y.

  • include: the list of IP ranges or CIDR that firewall rules must include. The list must be a subset of the exact rules as is, the ranges will not be combined.

  • equal: the list of IP ranges or CIDR that firewall rules must match exactly.

  oneOf:
  - required:
    - type
    - include
  - required:
    - type
    - any
  - required:
    - type
    - only
  - required:
    - type
    - equal
  properties:
    any:
      items:
        type: string
      type: array
    equal:
      items:
        type: string
      type: array
    include:
      items:
        type: string
      type: array
    only:
      items:
        type: string
      type: array
    type:
      enum:
      - firewall-rules
  

Actions

• ARM Resource Actions (see Generic Actions)

• set-network-rules Set network (firewall) rules.

  • default-action: Required. Can be either Allow or Deny.

  • bypass: Optional. List of services that are allowed to bypass the rules. Any combination of AzureServices,

    Logging and Metrics, e.g. [Logging, Metrics]. If not specified the property is not changed.

  • ip-rules: Optional. List of allowed ip-s or addresses. Specify empty list [] to remove all items. - ip-address-or-range: Ip address or range that is allowed.

  • virtual-network-rules: Optional. List of allowed virtual networks. Specify empty list [] to remove all items. - virtual-network-resource-id: Azure id of a subnet of a virtual network.

  properties:
    bypass:
      items:
        enum:
        - AzureServices
        - Logging
        - Metrics
      type: array
    default-action:
      enum:
      - Allow
      - Deny
    ip-rules:
      items:
        ip-address-or-range:
          type: string
      type: array
    type:
      enum:
      - set-network-rules
    virtual-network-rules:
      items:
        virtual-network-resource-id:
          type: string
      type: array
  required:
  - default-action
  - type
  

Example Policies

• Storage - Add storage firewall rules