Policy Setting: Azure > PostgreSQL > Server > Approved > Custom
Policies
This policy setting depends on the following policy types:
Source
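# Custom "Approved" checks for Azure PostgreSQL servers, tagged in the note
# as Azure CIS v2.0.0 controls 4.3.7 and 4.3.8.
#
# The template renders a JSON list with two results:
#   1. "Infrastructure Encryption"      - Approved only when the value is "Enabled".
#   2. "Allow access to Azure services" - Not approved when a firewall rule is named
#      "AllowAllWindowsAzureIps" or spans 0.0.0.0 - 0.0.0.0.
resource "turbot_policy_setting" "azure_postgresql_server_approved_custom" {
  resource = turbot_policy_pack.main.id
  type     = "tmod:@turbot/azure-postgresql#/policy/types/serverApprovedCustom"
  note     = "Azure CIS v2.0.0 - Control: 4.3.7 and 4.3.8"

  # Input query. The aliases defined here (infrastructureEncryption,
  # firewallRulesName, startIpAddress, endIpAddress) are the only names the
  # template below can read under $.resource.
  # NOTE(review): if firewallRules is a list, each firewallRules.* path may
  # return a list rather than a single string, and the equality tests in the
  # template would then never match - confirm the returned shape.
  template_input = <<-EOT
    {
      resource {
        infrastructureEncryption: get(path:"infrastructureEncryption"),
        firewallRulesName: get(path:"firewallRules.name"),
        startIpAddress: get(path:"firewallRules.startIpAddress"),
        endIpAddress: get(path:"firewallRules.endIpAddress"),
      }
    }
  EOT

  # The encryption check reads $.resource.infrastructureEncryption, the alias
  # declared in template_input. Any other name is undefined at render time,
  # which sends the check to the "Skip" branch on every server and hides a
  # disabled setting.
  #
  # NOTE(review): the firewall check reports "Approved" whenever neither
  # condition matches, including when no firewall rule data was returned.
  # Consider whether missing data should be "Skip", as in the encryption check.
  template = <<-EOT
    {%- set results = [] -%}
    {%- if $.resource.infrastructureEncryption and $.resource.infrastructureEncryption == "Disabled" -%}
    {%- set data = { "title": "Infrastructure Encryption", "result": "Not approved", "message": "Infrastructure encryption is disabled" } -%}
    {%- elif $.resource.infrastructureEncryption and $.resource.infrastructureEncryption == "Enabled" -%}
    {%- set data = { "title": "Infrastructure Encryption", "result": "Approved", "message": "Infrastructure encryption is enabled" } -%}
    {%- else -%}
    {%- set data = { "title": "Infrastructure Encryption", "result": "Skip", "message": "No data for infrastructure encryption yet" } -%}
    {%- endif -%}
    {%- set results = results.concat(data) -%}
    {%- if $.resource.firewallRulesName == "AllowAllWindowsAzureIps" -%}
    {%- set data = { "title": "Allow access to Azure services", "result": "Not approved", "message": "Allow access to Azure services is enabled" } -%}
    {%- elif $.resource.startIpAddress == "0.0.0.0" and $.resource.endIpAddress == "0.0.0.0" -%}
    {%- set data = { "title": "Allow access to Azure services", "result": "Not approved", "message": "Allow access to Azure services is enabled" } -%}
    {%- else -%}
    {%- set data = { "title": "Allow access to Azure services", "result": "Approved", "message": "Allow access to Azure services is disabled" } -%}
    {%- endif -%}
    {%- set results = results.concat(data) -%}
    {{ results | json }}
  EOT
}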