CloudSploit

AZURE / Azure Policy / Resources Allowed Locations

Quick Info

| Field | Value |
|---|---|
| Plugin Title | Resources Allowed Locations |
| Cloud | AZURE |
| Category | Azure Policy |
| Description | Ensures deployed resources and resource groups belong to the list set in the allowed locations for resource groups policy |
| More Info | Setting allowed locations for a service helps ensure the service can only be deployed in expected locations. |
| AZURE Link | https://docs.microsoft.com/en-us/azure/governance/policy/assign-policy-portal |
| Recommended Action | Ensure that all services contain policy definitions that define allowed locations. |

Detailed Remediation Steps

  1. Log into the Microsoft Azure Management Console.
  2. Select the "Search resources, services, and docs" option at the top and search for Policy.
  3. On the "Policy" page, scroll down the left navigation panel and choose "Assignments" under "Authoring."
  4. On the "Policy - Assignments" page, check the "Policies" listed; if there are no "Policies" for "Resources Allowed Locations", then the selected "Assignment" does not have any "Resources Allowed Locations" policy.
  5. Repeat steps number 2 - 4 to check different "Policy - Assignments."
  6. Navigate to "Policy", scroll down the left navigation panel and choose "Assignments", then on the "Policy - Assignments" page click on "Assign Policy" at the top to assign the "Resource Allowed Location" policy.
  7. On the "Assign Policy" page, select the "Scope" accordingly and click on the "..." dots icon to select the "Policy definition" under the "Basics" option.
  8. On the "Available Definitions" page, click on the "Search" box at the tab and search for "Allowed locations for resource groups" and click on the "Select" button at the bottom.
  9. Provide the "Description" accordingly and click on the "Next" button at the bottom.
  10. On the "Parameters" tab, select the "Allowed location" from the dropdown menu accordingly and click on the "Next" button.
  11. On the "Remediation" page, click on the checkbox next to the "Create a Managed Identity" and select the "Managed Identity Location" accordingly.
  12. Click on the "Review + Create" button to create the specific "Resources Allowed Locations" policy.
  13. Repeat steps number 6 - 12 to ensure that all services contain policy definitions that define allowed locations.
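
The check that steps 4 and 13 perform by hand can also be run offline against exported JSON. The following is an added example, not CloudSploit's plugin code: it assumes the field names produced by `az policy assignment list` and `az group list` / `az resource list`, treats any assignment carrying a `listOfAllowedLocations` parameter as an allowed-locations assignment, and uses constructed sample data. Management-group scopes and `notScopes` exclusions are not handled.

```javascript
// Added example: offline evaluation of "allowed locations" assignments.
// Function names and sample data are constructed for illustration.
const norm = (s) => String(s || '').toLowerCase().replace(/\s+/g, '');

// An assignment governs an item when its scope equals the item id or is a
// parent path of it (case-insensitive, matched on a path boundary).
function inScope(scope, id) {
  const s = norm(scope).replace(/\/+$/, '');
  const i = norm(id);
  return i === s || i.startsWith(s + '/');
}

function checkAllowedLocations(assignments, items) {
  // Keep only assignments that actually carry an allowed-locations list.
  const locationAssignments = assignments.filter(
    (a) => Array.isArray(a.parameters?.listOfAllowedLocations?.value));
  return items.map((item) => {
    const applicable = locationAssignments.filter((a) => inScope(a.scope, item.id));
    if (applicable.length === 0) {
      return { id: item.id, status: 'UNGOVERNED', detail: 'no allowed-locations assignment in scope' };
    }
    // The item must satisfy every applicable assignment, not just one.
    const violated = applicable.filter((a) =>
      !a.parameters.listOfAllowedLocations.value.map(norm).includes(norm(item.location)));
    return violated.length === 0
      ? { id: item.id, status: 'OK', detail: item.location }
      : { id: item.id, status: 'FAIL',
          detail: `${item.location} not allowed by ${violated.map((a) => a.name).join(', ')}` };
  });
}

// Constructed sample input (placeholder subscription ids).
const SUB = '/subscriptions/00000000-0000-0000-0000-000000000000';
const sampleAssignments = [
  { name: 'rg-locations', scope: SUB,
    parameters: { listOfAllowedLocations: { value: ['eastus', 'westeurope'] } } },
  { name: 'require-tags', scope: SUB, parameters: { tagName: { value: 'owner' } } },
];
const sampleItems = [
  { id: `${SUB}/resourceGroups/app-prod`, location: 'eastus' },
  { id: `${SUB}/resourceGroups/app-test`, location: 'southeastasia' },
  { id: `${SUB}/resourceGroups/app-prod/providers/Microsoft.Storage/storageAccounts/logs1`, location: 'West Europe' },
  { id: '/subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups/shadow', location: 'eastus' },
];

const sampleResults = checkAllowedLocations(sampleAssignments, sampleItems);
for (const r of sampleResults) console.log(r.status.padEnd(10), r.id, '-', r.detail);
```

An `UNGOVERNED` result means the subscription or resource group has no allowed-locations assignment in scope, which is the gap steps 6 - 12 close.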