Guardrails is now 50% faster through smarter control evaluation →
Mods
Azure

Policy: Azure > Cosmos DB > Database Account > Key Based Metadata Write Access

Define the Key Based Metadata Write Access settings required for Azure > Cosmos DB > Database Account.

This policy determines whether key-based metadata write access is permitted for Azure Cosmos DB Database Accounts. Disabling key-based metadata write access ensures that only requests authorized with Azure AD are permitted for metadata operations, enhancing security by preventing metadata writes using account keys. When set to "Check: Disabled" or "Check: Enabled", the control will go to an alarm state if the database account's setting does not match the policy. When set to "Enforce: Disabled" or "Enforce: Enabled", the control will automatically configure the property to match the policy. Setting the policy to "Skip" will exclude the database account from this check.

Targets

This policy targets the following resource types:

Controls

Setting this policy configures this control:

Policy Specification

Schema Type
string
Default
Skip
Valid Values [YAML]
  • Skip
    
  • Check: Enabled
    
  • Check: Disabled
    
  • Enforce: Enabled
    
  • Enforce: Disabled
    
Examples [YAML]
  • Check: Disabled
    

Category

In Your Workspace

Developers