Deny-Subnet-Without-Nsg will allow a network with a subnet to be created. #407
Labels: bug (Something isn't working)
Comments
papatari changed the title from "Bug Report" to "Deny-Subnet-Without-Nsg will allow a network with a subnet to be created." on Jan 23, 2021
Thanks. This is a known issue due to the different ways you can model a subnet today, 1) either as a top-level child resource, or 2) as declared in the property bag of the virtualNetworks resourceType (parent). We don't have a fix for this until the platform addresses it.
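A pre-deployment check that covers both subnet declaration forms named in the comment above, as an added example (not code from the Enterprise-Scale project or the commits referenced on this page). It assumes an ARM template already loaded as a Python dict; the function name `subnets_without_nsg` and the sample template are constructed for illustration, and templates nested inside `Microsoft.Resources/deployments` are not traversed.

```python
VNET = "microsoft.network/virtualnetworks"
SUBNET = VNET + "/subnets"

def _has_nsg(props):
    nsg = (props or {}).get("networkSecurityGroup") or {}
    return bool(nsg.get("id"))

def subnets_without_nsg(template):
    """Return (declaration form, subnet name) for each subnet with no NSG reference."""
    findings = []

    def walk(resources, parent_type="", parent_name=""):
        if isinstance(resources, dict):      # symbolic-name form: {"sym": {...}}
            resources = list(resources.values())
        for res in resources or []:
            rtype, name = res.get("type", "").lower(), res.get("name", "")
            if parent_type:                  # nested child: type/name are relative
                rtype, name = f"{parent_type}/{rtype}", f"{parent_name}/{name}"
            props = res.get("properties") or {}
            if rtype == SUBNET and not _has_nsg(props):
                findings.append(("child-resource", name))
            if rtype == VNET:                # subnets in the parent's property bag
                for sub in props.get("subnets") or []:
                    if not _has_nsg(sub.get("properties")):
                        findings.append(("inline", f"{name}/{sub.get('name', '')}"))
            walk(res.get("resources"), rtype, name)

    walk(template.get("resources"))
    return findings

# Constructed sample template (names and NSG id are illustrative).
NSG = {"id": "[resourceId('Microsoft.Network/networkSecurityGroups', 'nsg-db')]"}
SAMPLE = {"resources": [
    {"type": "Microsoft.Network/virtualNetworks", "name": "vnet-a",
     "properties": {"subnets": [
         {"name": "app", "properties": {"addressPrefix": "10.0.0.0/24"}},
         {"name": "db", "properties": {"addressPrefix": "10.0.1.0/24",
                                       "networkSecurityGroup": NSG}}]}},
    {"type": "Microsoft.Network/virtualNetworks/subnets", "name": "vnet-a/mgmt",
     "properties": {"addressPrefix": "10.0.2.0/24"}},
    {"type": "Microsoft.Network/virtualNetworks", "name": "vnet-b",
     "properties": {"addressSpace": {"addressPrefixes": ["10.1.0.0/16"]}},
     "resources": [{"type": "subnets", "name": "web",
                    "properties": {"addressPrefix": "10.1.0.0/24"}}]},
]}

if __name__ == "__main__":
    for form, name in subnets_without_nsg(SAMPLE):
        print(f"{form}: {name} has no networkSecurityGroup")
```

Run against a template in CI, a non-empty result can fail the pipeline before the deployment reaches Azure, independent of which form the subnet is declared in.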
withstu added a commit to withstu/terraform-azurerm-caf-enterprise-scale that referenced this issue on Jan 6, 2022:
fixes the issue that vnets with a subnet without udr can be created by ARM deployment despite of the deny policy Azure/Enterprise-Scale#407
withstu added a commit to withstu/terraform-azurerm-caf-enterprise-scale that referenced this issue on Jan 6, 2022:
fixes the issue that vnets with a subnet without nsg can be created by ARM deployment despite of the deny policy Azure/Enterprise-Scale#407
withstu added a commit to withstu/Enterprise-Scale that referenced this issue on Jan 6, 2022:
fixes deny subnet without nsg & udr policies when used in ARM deployment: Azure#407
ghost locked as resolved and limited conversation to collaborators on Jan 12, 2022
Deny-Subnet-Without-Nsg will allow a network with a subnet to be created.
The Deny-Subnet-Without-Nsg rule works for existing networks. Apparently when you try to add the subnet it will block you.
However, if you create a new vNET with a subnet it will go through and then mark it as non-compliant.