Azure CIS v2.0.0 - Section 8 - Key Vault

Policy Setting: Azure > Key Vault > Vault > Approved > Custom

Policies

This policy setting is dependent on the following policy types:

Source

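# Approved / Not approved evaluation of an Azure Key Vault vault against
# CIS v2.0.0 controls 8.6 (RBAC authorization enabled) and 8.7 (private
# endpoints in use). template_input reads two properties off the vault
# resource; template emits a JSON array with one {title, result, message}
# object per check, which the vaultApprovedCustom policy type consumes.
resource "turbot_policy_setting" "azure_keyvault_vault_approved_custom" {
  resource = turbot_policy_pack.main.id
  type     = "tmod:@turbot/azure-keyvault#/policy/types/vaultApprovedCustom"
  note     = "Azure CIS v2.0.0 - Control: 8.6 and 8.7"
  template_input = <<-EOT
    {
      vault {
        enableRbacAuthorization: get(path:"properties.enableRbacAuthorization"),
        privateEndpointConnections: get(path:"properties.privateEndpointConnections")
      }
    }
  EOT
  template = <<-EOT
    {%- set results = [] -%}
    {# Control 8.6: RBAC authorization must be explicitly true. false is
       "Not approved", true is "Approved"; any other value (including an
       absent property) falls through to "Skip".
       NOTE(review): if Azure omits this property on vaults that still use
       access policies, those vaults are skipped rather than failed -
       confirm whether an absent value should be treated as disabled. #}
    {%- if $.vault.enableRbacAuthorization == false -%}
      {%- set data = {
        "title": "Role Based Access Control",
        "result": "Not approved",
        "message": "Role based access control is disabled"
      } -%}
    {%- elif $.vault.enableRbacAuthorization == true -%}
      {%- set data = {
        "title": "Role Based Access Control",
        "result": "Approved",
        "message": "Role based access control is enabled"
      } -%}
    {%- else -%}
      {%- set data = {
        "title": "Role Based Access Control",
        "result": "Skip",
        "message": "No data for role based access control yet"
      } -%}
    {%- endif -%}
    {%- set results = results.concat(data) -%}
    {# Control 8.7: a vault with no private endpoint connection is not
       approved. Both a null/absent value and an empty list mean none is
       attached; an empty list previously slipped through as "Approved". #}
    {%- if $.vault.privateEndpointConnections == null or ($.vault.privateEndpointConnections | length) == 0 -%}
      {%- set data = {
        "title": "Private Endpoint Connections",
        "result": "Not approved",
        "message": "Private endpoint connections are not used"
      } -%}
    {%- else -%}
      {%- set data = {
        "title": "Private Endpoint Connections",
        "result": "Approved",
        "message": "Private endpoint connections are used"
      } -%}
    {%- endif -%}
    {%- set results = results.concat(data) -%}
    {{ results | json }}
  EOT
}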