AzPolicyAdvertizer

last sync: 2024-Sep-18 17:50:24 UTC

Azure Kubernetes Service Clusters should disable Command Invoke

Azure BuiltIn Policy definition

Source Azure Portal
Display name Azure Kubernetes Service Clusters should disable Command Invoke
Id 89f2d532-c53c-4f8f-9afa-4927b1114a0d
Version 1.0.1
Details on versioning
Versioning Versions supported for Versioning: 1
1.0.1
Built-in Versioning [Preview]
Category Kubernetes
Microsoft Learn
Description Disabling command invoke can enhance the security by avoiding bypass of restricted network access or Kubernetes role-based access control
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
Audit
Allowed
Audit, Disabled
RBAC role(s) none
Rule aliases IF (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.ContainerService/managedClusters/apiServerAccessProfile.disableRunCommand Microsoft.ContainerService managedClusters properties.apiServerAccessProfile.disableRunCommand True False
Rule resource types IF (1)
Microsoft.ContainerService/managedClusters
Compliance Not a Compliance control
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
[Preview]: Control the use of AKS in a Virtual Enclave d300338e-65d1-4be3-b18e-fb4ce5715a8f VirtualEnclaves Preview BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-10-21 16:42:13 change Patch (1.0.0 > 1.0.1)
2022-04-01 20:29:14 add 89f2d532-c53c-4f8f-9afa-4927b1114a0d
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC