Policy: Azure > CIS v2.0 > 10 - Miscellaneous > 10.01 - Ensure that Resource Locks are set for Mission-Critical Azure Resources > Attestation
By setting this policy, you attest that you have manually verified that it complies with the relevant section of the CIS Benchmark.
From Azure Portal 1. Navigate to the specific Azure Resource or Resource Group 2. For each mission critical resource, click on Locks 3. Click Add 4. Give the lock a name and a description, then select the type, Read-only or Delete as appropriate 5. Click OK
From Azure CLI To lock a resource, provide the name of the resource, its resource type, and its resource group name.az lock create --name <LockName> --lock-type <CanNotDelete/Read-only> --resource-group <resourceGroupName> --resource-name <resourceName> --resource-type <resourceType>
From PowershellGet-AzResourceLock -ResourceName <Resource Name> -ResourceType <ResourceType> -ResourceGroupName <Resource Group Name> -Locktype <CanNotDelete/Read-only>
Note that the date can not be further in the future than is specified in report level Maximum Attestation Duration policy. Set to a blank value to clear the attestation.
Targets
This policy targets the following resource types:
Primary Policy
This policy is used with the following primary policy:
Controls
Setting this policy configures this control:
Policy Specification
Schema Type | |
|---|
Category
In Your Workspace
Developers
- tmod:@turbot/cis#/control/categories/v071406
- tmod:@turbot/azure-cisv2-0#/policy/types/r1001Attestation
- turbot graphql policy-type --id "tmod:@turbot/azure-cisv2-0#/policy/types/r1001Attestation"
- turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-cisv2-0#/policy/types/r1001Attestation"
Get Policy TypeGet Policy Settings