There’s a total of 3 Compliance Ready Policies for the Azure provider.
All those policies are available in the @pulumi/azure-compliance-policies package.
Please refer to our Documentation for more details.
compute
LinuxVirtualMachine
azure-compute-linuxvirtualmachine-disallow-password-authentication
Policy name: azure-compute-linuxvirtualmachine-disallow-password-authentication
Code path: azure.compute.LinuxVirtualMachine.disallowPasswordAuthentication
Authentication to Linux machines should require SSH keys.
Service: Compute
Resource: LinuxVirtualMachine
Associated metadata for this policy:
Severity: high
Frameworks: iso27001, pcidss
Topics: authentication, security
ManagedDisk
azure-compute-manageddisk-disallow-unencrypted-managed-disk
Policy name: azure-compute-manageddisk-disallow-unencrypted-managed-disk
Code path: azure.compute.ManagedDisk.disallowUnencryptedManagedDisk
Checks that Disks are encrypted.
Service: Compute
Resource: ManagedDisk
Associated metadata for this policy:
Severity: high
Frameworks: iso27001, pcidss
Topics: encryption, storage
containerservice
KubernetesCluster
azure-containerservice-kubernetescluster-configure-network-policy
Policy name: azure-containerservice-kubernetescluster-configure-network-policy
Code path: azure.containerservice.KubernetesCluster.configureNetworkPolicy
Checks AKS cluster has Network Policy configured.
Service: Containerservice
Resource: KubernetesCluster
Associated metadata for this policy:
Severity: high
Frameworks: iso27001, pcidss
Topics: kubernetes, network
Thank you for your feedback!
If you have a question about how to use Pulumi, reach out in Community Slack.
Open an issue on GitHub to report a problem or suggest an improvement.
