DeployIfNotExists我正在尝试根据现有策略创建策略AuditIfNotExists。部署时不会出错,但会错误提示“没有相关资源与策略定义中的效果详细信息匹配”。当评估政策时。AuditIfnotExists当我将其部署到同一管理组时,该策略确实运行良好。我想知道我是否错过了什么。
此策略用于创建删除 NSG 组(如果不存在)的警报。这是DeployIfNotExists政策 - 你们觉得有什么问题吗?任何意见表示赞赏。谢谢。
{
"$schema":"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion":"1.0.0.0",
"parameters":{
"effect":{
"type":"string",
"metadata":{
"displayName":"Effect",
"description":"Enable or disable the execution of the policy"
},
"allowedValues":[
"AuditIfNotExists",
"deployIfNotExists",
"Disabled"
],
"defaultValue":"deployIfNotExists"
}
},
"variables":{
"actionGroupName":"dsactiongroup"
},
"resources":[
{
"name":"CIS5.2.3-EnsureAuditDeleteNSG",
"type":"Microsoft.Authorization/policyDefinitions",
"apiVersion":"2019-09-01",
"properties":{
"policyType":"Custom",
"displayName":"CIS 5.2.3 Ensure that Activity Log Alert exists for Delete Network Security Group (Scored)",
"description":"Monitor Activity Alerts exist for specific activities.",
"mode":"all",
"metadata":{
"category":"Audit"
},
"parameters":{
},
"policyRule":{
"if":{
"allOf":[
{
"field":"type", …