last sync: 2024-Nov-25 18:54:24 UTC

Disable Command Invoke on Azure Kubernetes Service clusters

Azure BuiltIn Policy definition

Source Azure Portal
Display name Disable Command Invoke on Azure Kubernetes Service clusters
Id 1b708b0a-3380-40e9-8b79-821f9fa224cc
Version 1.2.0
Versioning Versions supported for Versioning: 3 (1.0.3, 1.1.0, 1.2.0)
Category Kubernetes
Description Disabling command invoke can enhance the security by rejecting invoke-command access to the cluster
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default: DeployIfNotExists
Effect Allowed: DeployIfNotExists, Disabled
RBAC role(s)
Role Name | Role Id
Azure Kubernetes Service Contributor Role | ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8
Azure Kubernetes Service Policy Add-on Deployment | 18ed5180-3e48-46fd-8541-4ea054d57064
Rule aliases THEN-ExistenceCondition (1)
Alias | Namespace | ResourceType | Path | PathIsDefault | DefaultPath | Modifiable
Microsoft.ContainerService/managedClusters/apiServerAccessProfile.disableRunCommand | Microsoft.ContainerService | managedClusters | properties.apiServerAccessProfile.disableRunCommand | True | | False
Rule resource types IF (1)
Microsoft.ContainerService/managedClusters
THEN-Deployment (2)
Microsoft.ContainerService/managedClusters
Microsoft.Resources/deployments
Compliance Not a Compliance control
Initiatives usage
Initiative DisplayName | Initiative Id | Initiative Category | State | Type
Enforce recommended guardrails for Kubernetes | Enforce-Guardrails-Kubernetes | Kubernetes | GA | ALZ
History
Date/Time (UTC ymd) | Change type | Change detail
2024-03-01 17:50:27 | change | Minor (1.1.0 > 1.2.0)
2024-01-12 18:35:06 | change | Minor (1.0.3 > 1.1.0)
2023-10-31 19:02:40 | change | Patch (1.0.2 > 1.0.3)
2023-10-23 17:41:36 | change | Patch (1.0.1 > 1.0.2)
2022-10-21 16:42:13 | change | Patch (1.0.0 > 1.0.1)
2022-04-01 20:29:14 | add | 1b708b0a-3380-40e9-8b79-821f9fa224cc