Turbot Guardrails Hub 
Hub
  • Mods
  • Policy Packs
  • Docs
  • Home
ModsPolicy PacksDocsHome
Mods
Azure
  • Azure/Owner
  • Azure/Admin
  • Azure/Operator
  • Azure/Metadata
  • Azure/AI Foundry/admin
  • Azure/AI Foundry/metadata
  • Azure/AKS/admin
  • Azure/AKS/metadata
  • Azure/Alerts Management/admin
  • Azure/Alerts Management/operator
  • Azure/Alerts Management/metadata
  • Azure/API Management/admin
  • Azure/API Management/operator
  • Azure/API Management/metadata
  • Azure/Application Gateway/admin
  • Azure/Application Gateway/operator
  • Azure/Application Gateway/readonly
  • Azure/Application Gateway/metadata
  • Azure/Application Insights/admin
  • Azure/Application Insights/metadata
  • Azure/App Service/admin
  • Azure/App Service/metadata
  • Azure/Automation/admin
  • Azure/Automation/operator
  • Azure/Automation/metadata
  • Azure/Bot Service/Admin
  • Azure/Bot Service/Operator
  • Azure/Bot Service/Metadata
  • Azure/Cognitive Services/admin
  • Azure/Cognitive Services/operator
  • Azure/Cognitive Services/metadata
  • Azure/Compute/admin
  • Azure/Compute/operator
  • Azure/Compute/metadata
  • Azure/Container Registry/admin
  • Azure/Container Registry/metadata
  • Azure/Cosmos DB/admin
  • Azure/Cosmos DB/operator
  • Azure/Cosmos DB/metadata
  • Azure/Databricks/admin
  • Azure/Databricks/metadata
  • Azure/Data Factory/admin
  • Azure/Data Factory/metadata
  • Azure/DNS/admin
  • Azure/DNS/metadata
  • Azure/Firewall/admin
  • Azure/Firewall/metadata
  • Azure/Front Door/admin
  • Azure/Front Door/operator
  • Azure/Front Door/metadata
  • Azure/IAM/Owner
  • Azure/IAM/Metadata
  • Azure/Key Vault/admin
  • Azure/Key Vault/operator
  • Azure/Key Vault/metadata
  • Azure/Load Balancer/admin
  • Azure/Load Balancer/metadata
  • Azure/Log Analytics/admin
  • Azure/Log Analytics/metadata
  • Azure/Managed Identity/admin
  • Azure/Managed Identity/metadata
  • Azure/Monitor/Admin
  • Azure/Monitor/Operator
  • Azure/Monitor/Metadata
  • Azure/MySQL/admin
  • Azure/MySQL/metadata
  • Azure/Network/Admin
  • Azure/Network/Operator
  • Azure/Network/ReadOnly
  • Azure/Network/Metadata
  • Azure/Network Watcher/admin
  • Azure/Network Watcher/operator
  • Azure/Network Watcher/readonly
  • Azure/Network Watcher/metadata
  • Azure/PostgreSQL/admin
  • Azure/PostgreSQL/operator
  • Azure/PostgreSQL/metadata
  • Azure/Recovery Service/admin
  • Azure/Recovery Service/operator
  • Azure/Recovery Service/metadata
  • Azure/Redis/Admin
  • Azure/Redis/Operator
  • Azure/Redis/Metadata
  • Azure/Relay/Admin
  • Azure/Relay/ReadOnly
  • Azure/Relay/Metadata
  • Azure/Search Management/admin
  • Azure/Search Management/metadata
  • Azure/Security Center/admin
  • Azure/Security Center/operator
  • Azure/Security Center/metadata
  • Azure/Service Bus/admin
  • Azure/Service Bus/operator
  • Azure/Service Bus/metadata
  • Azure/SignalR Service/Admin
  • Azure/SignalR Service/Operator
  • Azure/SignalR Service/Metadata
  • Azure/SQL/admin
  • Azure/SQL/operator
  • Azure/SQL/readonly
  • Azure/SQL/metadata
  • Azure/SQL Virtual Machine Service/admin
  • Azure/SQL Virtual Machine Service/operator
  • Azure/SQL Virtual Machine Service/metadata
  • Azure/Storage/Admin
  • Azure/Storage/Operator
  • Azure/Storage/Metadata
  • Azure/Synapse Analytics/admin
  • Azure/Synapse Analytics/operator
  • Azure/Synapse Analytics/metadata

IAM Role: Azure/Container Registry/admin

PermissionGrant
microsoft.containerregistry/locations/deletevirtualnetworkorsubnets/actionadmin
microsoft.containerregistry/register/actionadmin
microsoft.containerregistry/registries/agentpools/deleteadmin
microsoft.containerregistry/registries/agentpools/listqueuestatus/actionadmin
microsoft.containerregistry/registries/agentpools/writeadmin
microsoft.containerregistry/registries/artifacts/deleteadmin
microsoft.containerregistry/registries/builds/cancel/actionadmin
microsoft.containerregistry/registries/builds/getloglink/actionadmin
microsoft.containerregistry/registries/builds/writeadmin
microsoft.containerregistry/registries/buildtasks/deleteadmin
microsoft.containerregistry/registries/buildtasks/listsourcerepositoryproperties/actionadmin
microsoft.containerregistry/registries/buildtasks/steps/deleteadmin
microsoft.containerregistry/registries/buildtasks/steps/listbuildarguments/actionadmin
microsoft.containerregistry/registries/buildtasks/steps/writeadmin
microsoft.containerregistry/registries/buildtasks/writeadmin
microsoft.containerregistry/registries/cacherules/deleteadmin
microsoft.containerregistry/registries/cacherules/writeadmin
microsoft.containerregistry/registries/connectedregistries/deactivate/actionadmin
microsoft.containerregistry/registries/connectedregistries/deleteadmin
microsoft.containerregistry/registries/connectedregistries/writeadmin
microsoft.containerregistry/registries/credentialsets/deleteadmin
microsoft.containerregistry/registries/credentialsets/writeadmin
microsoft.containerregistry/registries/deleteadmin
microsoft.containerregistry/registries/deleted/restore/actionadmin
microsoft.containerregistry/registries/eventgridfilters/deleteadmin
microsoft.containerregistry/registries/eventgridfilters/writeadmin
microsoft.containerregistry/registries/exportpipelines/deleteadmin
microsoft.containerregistry/registries/exportpipelines/writeadmin
microsoft.containerregistry/registries/generatecredentials/actionadmin
microsoft.containerregistry/registries/getbuildsourceuploadurl/actionadmin
microsoft.containerregistry/registries/importimage/actionadmin
microsoft.containerregistry/registries/importpipelines/deleteadmin
microsoft.containerregistry/registries/importpipelines/writeadmin
microsoft.containerregistry/registries/listbuildsourceuploadurl/actionadmin
microsoft.containerregistry/registries/listcredentials/actionadmin
microsoft.containerregistry/registries/metadata/writeadmin
microsoft.containerregistry/registries/packages/archives/deleteadmin
microsoft.containerregistry/registries/packages/archives/versions/deleteadmin
microsoft.containerregistry/registries/packages/archives/versions/writeadmin
microsoft.containerregistry/registries/packages/archives/writeadmin
microsoft.containerregistry/registries/pipelineruns/deleteadmin
microsoft.containerregistry/registries/pipelineruns/writeadmin
microsoft.containerregistry/registries/privateendpointconnectionproxies/deleteadmin
microsoft.containerregistry/registries/privateendpointconnectionproxies/validate/actionadmin
microsoft.containerregistry/registries/privateendpointconnectionproxies/writeadmin
microsoft.containerregistry/registries/privateendpointconnections/deleteadmin
microsoft.containerregistry/registries/privateendpointconnections/writeadmin
microsoft.containerregistry/registries/privateendpointconnectionsapproval/actionadmin
microsoft.containerregistry/registries/providers/microsoft.insights/diagnosticsettings/writeadmin
microsoft.containerregistry/registries/push/writeadmin
microsoft.containerregistry/registries/quarantine/writeadmin
microsoft.containerregistry/registries/quarantinedartifacts/writeadmin
microsoft.containerregistry/registries/queuebuild/actionadmin
microsoft.containerregistry/registries/regeneratecredential/actionadmin
microsoft.containerregistry/registries/replications/deleteadmin
microsoft.containerregistry/registries/replications/writeadmin
microsoft.containerregistry/registries/repositories/content/deleteadmin
microsoft.containerregistry/registries/repositories/content/writeadmin
microsoft.containerregistry/registries/repositories/metadata/deleteadmin
microsoft.containerregistry/registries/repositories/metadata/writeadmin
microsoft.containerregistry/registries/runs/cancel/actionadmin
microsoft.containerregistry/registries/runs/listlogsasurl/actionadmin
microsoft.containerregistry/registries/runs/writeadmin
microsoft.containerregistry/registries/schedulerun/actionadmin
microsoft.containerregistry/registries/scopemaps/deleteadmin
microsoft.containerregistry/registries/scopemaps/writeadmin
microsoft.containerregistry/registries/sign/writeadmin
microsoft.containerregistry/registries/taskruns/deleteadmin
microsoft.containerregistry/registries/taskruns/listdetails/actionadmin
microsoft.containerregistry/registries/taskruns/writeadmin
microsoft.containerregistry/registries/tasks/deleteadmin
microsoft.containerregistry/registries/tasks/listdetails/actionadmin
microsoft.containerregistry/registries/tasks/writeadmin
microsoft.containerregistry/registries/tokens/deleteadmin
microsoft.containerregistry/registries/tokens/writeadmin
microsoft.containerregistry/registries/trustedcollections/writeadmin
microsoft.containerregistry/registries/updatepolicies/writeadmin
microsoft.containerregistry/registries/webhooks/deleteadmin
microsoft.containerregistry/registries/webhooks/getcallbackconfig/actionadmin
microsoft.containerregistry/registries/webhooks/listevents/actionadmin
microsoft.containerregistry/registries/webhooks/ping/actionadmin
microsoft.containerregistry/registries/webhooks/writeadmin
microsoft.containerregistry/registries/writeadmin
microsoft.containerregistry/unregister/actionadmin
microsoft.containerregistry/checknameavailability/readmetadata
microsoft.containerregistry/locations/operationresults/readmetadata
microsoft.containerregistry/operations/readmetadata
microsoft.containerregistry/registries/agentpools/operationresults/status/readmetadata
microsoft.containerregistry/registries/agentpools/operationstatuses/readmetadata
microsoft.containerregistry/registries/agentpools/readmetadata
microsoft.containerregistry/registries/builds/readmetadata
microsoft.containerregistry/registries/buildtasks/readmetadata
microsoft.containerregistry/registries/buildtasks/steps/readmetadata
microsoft.containerregistry/registries/cacherules/operationstatuses/readmetadata
microsoft.containerregistry/registries/cacherules/readmetadata
microsoft.containerregistry/registries/catalog/readmetadata
microsoft.containerregistry/registries/connectedregistries/readmetadata
microsoft.containerregistry/registries/credentialsets/operationstatuses/readmetadata
microsoft.containerregistry/registries/credentialsets/readmetadata
microsoft.containerregistry/registries/deleted/readmetadata
microsoft.containerregistry/registries/eventgridfilters/readmetadata
microsoft.containerregistry/registries/exportpipelines/readmetadata
microsoft.containerregistry/registries/importpipelines/readmetadata
microsoft.containerregistry/registries/listpolicies/readmetadata
microsoft.containerregistry/registries/listusages/readmetadata
microsoft.containerregistry/registries/metadata/readmetadata
microsoft.containerregistry/registries/operationstatuses/readmetadata
microsoft.containerregistry/registries/packages/archives/readmetadata
microsoft.containerregistry/registries/packages/archives/versions/operationstatuses/readmetadata
microsoft.containerregistry/registries/packages/archives/versions/readmetadata
microsoft.containerregistry/registries/pipelineruns/operationstatuses/readmetadata
microsoft.containerregistry/registries/pipelineruns/readmetadata
microsoft.containerregistry/registries/privateendpointconnectionproxies/operationstatuses/readmetadata
microsoft.containerregistry/registries/privateendpointconnectionproxies/readmetadata
microsoft.containerregistry/registries/privateendpointconnections/operationstatuses/readmetadata
microsoft.containerregistry/registries/privateendpointconnections/readmetadata
microsoft.containerregistry/registries/providers/microsoft.insights/diagnosticsettings/readmetadata
microsoft.containerregistry/registries/providers/microsoft.insights/logdefinitions/readmetadata
microsoft.containerregistry/registries/providers/microsoft.insights/metricdefinitions/readmetadata
microsoft.containerregistry/registries/pull/readmetadata
microsoft.containerregistry/registries/quarantine/readmetadata
microsoft.containerregistry/registries/quarantinedartifacts/readmetadata
microsoft.containerregistry/registries/readmetadata
microsoft.containerregistry/registries/replications/operationstatuses/readmetadata
microsoft.containerregistry/registries/replications/readmetadata
microsoft.containerregistry/registries/repositories/content/readmetadata
microsoft.containerregistry/registries/repositories/metadata/readmetadata
microsoft.containerregistry/registries/runs/readmetadata
microsoft.containerregistry/registries/scopemaps/operationstatuses/readmetadata
microsoft.containerregistry/registries/scopemaps/readmetadata
microsoft.containerregistry/registries/taskruns/operationstatuses/readmetadata
microsoft.containerregistry/registries/taskruns/readmetadata
microsoft.containerregistry/registries/tasks/readmetadata
microsoft.containerregistry/registries/tokens/operationstatuses/readmetadata
microsoft.containerregistry/registries/tokens/readmetadata
microsoft.containerregistry/registries/webhooks/operationstatuses/readmetadata
microsoft.containerregistry/registries/webhooks/readmetadata
Guardrails
Guardrails Hub
  • Hub
  • Docs
  • Blog
  • Changelog
Products
  • GuardrailsGuardrails
  • PipesPipes
  • SteampipeSteampipe
  • PowerpipePowerpipe
  • FlowpipeFlowpipe
  • TailpipeTailpipe
Turbot
  • Home
  • About us
  • We're hiring!
  • Contact us
Community

Our community of practitioners love to discuss cloud governance & security.

Slack logoJoin us on Slack →

System StatusLegalSecurity
Terms of UseSecurityPrivacy
50
Mods
204
Resource Types
3,575
Policies
1,941
Controls
103
Quick Actions
111
IAM