Beta - Activity Log Alert For Delete Policy Assignment Not Configured
- Query id: a7b422e3-0b2f-4795-a43a-136dbbd6cbb3
- Query name: Beta - Activity Log Alert For Delete Policy Assignment Not Configured
- Platform: Terraform
- Severity: Medium
- Category: Observability
- CWE: 778
- Risk score: 3.0
- URL: Github
Description
There should be an 'azurerm_monitor_activity_log_alert' resource configured to capture policy assignment delete events.
Documentation
Code samples
Code samples with security vulnerabilities
Tests Not Found
Code samples without security vulnerabilities
Negative test num. 1 - tf file
```terraform
resource "azurerm_monitor_activity_log_alert" "negative1" {
  name                = "example-activitylogalert"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  scopes              = [azurerm_resource_group.example.id]
  description         = "Negative sample"

  criteria {
    resource_id    = azurerm_storage_account.to_monitor.id
    operation_name = "Microsoft.Authorization/policyAssignments/delete"
    category       = "Administrative"
  }

  action {
    action_group_id = azurerm_monitor_action_group.main.id
    webhook_properties = {
      from = "terraform"
    }
  }
}
```
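As an added example (not part of this page or of the KICS project's own Rego query), the check below scans Terraform text for an 'azurerm_monitor_activity_log_alert' whose criteria block names the policy assignment delete operation in the Administrative category. It uses a simplified brace-matching and regex scanner rather than a real HCL parser, and both sample configurations are constructed here (the second alerts on a different operation and would be flagged).

```python
import re

# Values the query on this page expects in an activity log alert's criteria block.
TARGET_OPERATION = "Microsoft.Authorization/policyAssignments/delete"
TARGET_CATEGORY = "Administrative"

ALERT_RE = re.compile(r'resource\s+"azurerm_monitor_activity_log_alert"\s+"[^"]+"\s*\{')


def _block_body(text, open_idx):
    """Return the text between the brace at open_idx and its matching closing brace."""
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    raise ValueError("unbalanced braces in HCL input")


def _string_attr(body, name):
    """Value of a simple `name = "..."` attribute in body, or None (simplified helper)."""
    m = re.search(r'(?<![\w.])%s\s*=\s*"([^"]*)"' % re.escape(name), body)
    return m.group(1) if m else None


def alert_covers_policy_assignment_delete(hcl_text):
    """True if any activity log alert has a criteria block for the target operation."""
    for m in ALERT_RE.finditer(hcl_text):
        body = _block_body(hcl_text, m.end() - 1)
        for crit in re.finditer(r'\bcriteria\s*\{', body):
            crit_body = _block_body(body, crit.end() - 1)
            if (_string_attr(crit_body, "operation_name") == TARGET_OPERATION
                    and _string_attr(crit_body, "category") == TARGET_CATEGORY):
                return True
    return False  # no alert watches policy assignment deletes: the query would fire


# Constructed samples: the first mirrors the page's compliant test, the second
# alerts on a different operation and so would be reported by the query.
COMPLIANT_TF = '''
resource "azurerm_monitor_activity_log_alert" "negative1" {
  name   = "example-activitylogalert"
  scopes = [azurerm_resource_group.example.id]
  criteria {
    operation_name = "Microsoft.Authorization/policyAssignments/delete"
    category       = "Administrative"
  }
}
'''
NONCOMPLIANT_TF = COMPLIANT_TF.replace("policyAssignments/delete", "policyAssignments/write")
```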