azure.storage-container¶

Storage Container Resource

example:

Finds all containers with public access enabled

policies:
  - name: storage-container-public
    description: |
      Find all containers with public access enabled
    resource: azure.storage-container
    filters:
      - type: value
        key: properties.publicAccess
        op: not-equal
        value: None   # Possible values: Blob, Container, None

Filters¶

advisor-recommendation

cost

event

list-item

metric

offhour

onhour

parent

policy-compliant

reduce

resource-lock

value

advisor-recommendation¶

Filter resources by Azure Advisor Recommendations

Select all categories with ‘all’

example:

policies:
  - name: disks-with-cost-recommendations
    resource: azure.disk
    filters:
      - type: advisor-recommendation
        category: Cost
        key: '[].properties.recommendationTypeId'
        op: contains
        value: '48eda464-1485-4dcf-a674-d0905df5054a'

properties:
  category:
    type: string
  default:
    type: object
  key:
    type: string
  op:
    enum:
    - eq
    - equal
    - ne
    - not-equal
    - gt
    - greater-than
    - ge
    - gte
    - le
    - lte
    - lt
    - less-than
    - glob
    - regex
    - regex-case
    - in
    - ni
    - not-in
    - contains
    - difference
    - intersect
  type:
    enum:
    - advisor-recommendation
  value:
    oneOf:
    - type: array
    - type: string
    - type: boolean
    - type: number
    - type: 'null'
  value_from:
    additionalProperties: 'False'
    properties:
      expr:
        oneOf:
        - type: integer
        - type: string
      format:
        enum:
        - csv
        - json
        - txt
        - csv2dict
      headers:
        patternProperties:
          ? ''
          : type: string
        type: object
      url:
        type: string
    required:
    - url
    type: object
  value_path:
    type: string
  value_regex:
    type: string
  value_type:
    enum:
    - age
    - integer
    - expiration
    - normalize
    - size
    - cidr
    - cidr_size
    - swap
    - resource_count
    - expr
    - unique_size
    - date
    - version
    - float
required:
- category
- type

Actions¶

delete

lock

logic-app

notify

set-public-access

webhook

set-public-access¶

Action that updates the access level setting on Storage Containers. Programmatically, this will be seen by updating the Public Access setting

example:: Finds all Blob Storage Containers that are not private and sets them to private

policies:
    - name: set-non-production-accounts-private
      resource: azure.storage-container
      filters:
        - type: value
          key: properties.publicAccess
          op: not-equal
          value: None
      actions:
        - type: set-public-access
          value: None

properties:
  type:
    enum:
    - set-public-access
  value:
    enum:
    - Container
    - Blob
    - None
required:
- value
- type