AzPolicyAdvertizer

last sync: 2024-Nov-25 18:54:24 UTC

Azure Cosmos DB accounts should not exceed the maximum number of days allowed since last account key regeneration.

Source

Display name

Azure Cosmos DB accounts should not exceed the maximum number of days allowed since last account key regeneration.

9d83ccb1-f313-46ce-9d39-a198bfdb51a0

Version

Versioning

Versions supported for Versioning: 1
1.0.0
Built-in Versioning [Preview]

Category

Description

Regenerate your keys in the specified time to keep your data more protected.

Mode

Indexed

Type

BuiltIn

Preview

False

Deprecated

False

Effect

Default
Audit
Allowed
Audit, Disabled

RBAC role(s)

none

Rule aliases

IF (4)

Alias	Namespace	ResourceType	Path	PathIsDefault	Modifiable
Microsoft.DocumentDB/databaseAccounts/keysMetadata.primaryMasterKey.generationTime	Microsoft.DocumentDB	databaseAccounts	properties.keysMetadata.primaryMasterKey.generationTime	True	False
Microsoft.DocumentDB/databaseAccounts/keysMetadata.primaryReadonlyMasterKey.generationTime	Microsoft.DocumentDB	databaseAccounts	properties.keysMetadata.primaryReadonlyMasterKey.generationTime	True	False
Microsoft.DocumentDB/databaseAccounts/keysMetadata.secondaryMasterKey.generationTime	Microsoft.DocumentDB	databaseAccounts	properties.keysMetadata.secondaryMasterKey.generationTime	True	False
Microsoft.DocumentDB/databaseAccounts/keysMetadata.secondaryReadonlyMasterKey.generationTime	Microsoft.DocumentDB	databaseAccounts	properties.keysMetadata.secondaryReadonlyMasterKey.generationTime	True	False

Rule resource types

IF (1)
Microsoft.DocumentDB/databaseAccounts

Compliance

Not a Compliance control

Initiatives usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type
[Preview]: Control the use of CosmosDB in a Virtual Enclave	6bd484ca-ae8d-46cf-9b33-e1feef84bfba	VirtualEnclaves	Preview	BuiltIn

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2022-09-27 16:35:32	add	9d83ccb1-f313-46ce-9d39-a198bfdb51a0

JSON compare

n/a

JSON

api-version=2021-06-01
EPAC