jit_network_access_policies
Creates, updates, deletes, gets or lists a jit_network_access_policies resource.
Overview
| Name | jit_network_access_policies |
| Type | Resource |
| Id | azure.security.jit_network_access_policies |
Fields
The following fields are returned by SELECT queries:
- get
- list_by_resource_group_and_region
- list_by_region
- list_by_resource_group
- list
| Name | Datatype | Description |
|---|---|---|
id | string (arm-id) | Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" |
name | string | The name of the resource |
kind | string | Kind of the resource |
location | string | Location where the resource is stored |
properties | object | |
systemData | object | Azure Resource Manager metadata containing createdBy and modifiedBy information. |
type | string | The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" |
| Name | Datatype | Description |
|---|---|---|
id | string (arm-id) | Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" |
name | string | The name of the resource |
kind | string | Kind of the resource |
location | string | Location where the resource is stored |
properties | object | |
systemData | object | Azure Resource Manager metadata containing createdBy and modifiedBy information. |
type | string | The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" |
| Name | Datatype | Description |
|---|---|---|
id | string (arm-id) | Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" |
name | string | The name of the resource |
kind | string | Kind of the resource |
location | string | Location where the resource is stored |
properties | object | |
systemData | object | Azure Resource Manager metadata containing createdBy and modifiedBy information. |
type | string | The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" |
| Name | Datatype | Description |
|---|---|---|
id | string (arm-id) | Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" |
name | string | The name of the resource |
kind | string | Kind of the resource |
location | string | Location where the resource is stored |
properties | object | |
systemData | object | Azure Resource Manager metadata containing createdBy and modifiedBy information. |
type | string | The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" |
| Name | Datatype | Description |
|---|---|---|
id | string (arm-id) | Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" |
name | string | The name of the resource |
kind | string | Kind of the resource |
location | string | Location where the resource is stored |
properties | object | |
systemData | object | Azure Resource Manager metadata containing createdBy and modifiedBy information. |
type | string | The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
get | select | subscriptionId, resourceGroupName, ascLocation, jitNetworkAccessPolicyName | api-version | Policies for protecting resources using Just-in-Time access control for the subscription, location |
list_by_resource_group_and_region | select | subscriptionId, resourceGroupName, ascLocation | api-version | Policies for protecting resources using Just-in-Time access control for the subscription, location |
list_by_region | select | subscriptionId, ascLocation | api-version | Policies for protecting resources using Just-in-Time access control for the subscription, location |
list_by_resource_group | select | subscriptionId, resourceGroupName | api-version | Policies for protecting resources using Just-in-Time access control for the subscription, location |
list | select | subscriptionId | api-version | Policies for protecting resources using Just-in-Time access control. |
create_or_update | insert | subscriptionId, resourceGroupName, ascLocation, jitNetworkAccessPolicyName, data__properties | api-version | Create a policy for protecting resources using Just-in-Time access control |
delete | delete | subscriptionId, resourceGroupName, ascLocation, jitNetworkAccessPolicyName | api-version | Delete a Just-in-Time access control policy. |
initiate | exec | subscriptionId, resourceGroupName, ascLocation, jitNetworkAccessPolicyName, jitNetworkAccessPolicyInitiateType, virtualMachines | api-version | Initiate a JIT access from a specific Just-in-Time policy configuration. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
ascLocation | string | The location where ASC stores the data of the subscription. can be retrieved from Get locations |
jitNetworkAccessPolicyInitiateType | string | Type of the action to do on the Just-in-Time access policy. |
jitNetworkAccessPolicyName | string | Name of a Just-in-Time access configuration policy. |
resourceGroupName | string | The name of the resource group within the user's subscription. The name is case insensitive. |
subscriptionId | string | Azure subscription ID |
api-version | string | API version for the operation |
SELECT examples
- get
- list_by_resource_group_and_region
- list_by_region
- list_by_resource_group
- list
Policies for protecting resources using Just-in-Time access control for the subscription, location
SELECT
id,
name,
kind,
location,
properties,
systemData,
type
FROM azure.security.jit_network_access_policies
WHERE subscriptionId = '{{ subscriptionId }}' -- required
AND resourceGroupName = '{{ resourceGroupName }}' -- required
AND ascLocation = '{{ ascLocation }}' -- required
AND jitNetworkAccessPolicyName = '{{ jitNetworkAccessPolicyName }}' -- required
AND api-version = '{{ api-version }}'
;
Policies for protecting resources using Just-in-Time access control for the subscription, location
SELECT
id,
name,
kind,
location,
properties,
systemData,
type
FROM azure.security.jit_network_access_policies
WHERE subscriptionId = '{{ subscriptionId }}' -- required
AND resourceGroupName = '{{ resourceGroupName }}' -- required
AND ascLocation = '{{ ascLocation }}' -- required
AND api-version = '{{ api-version }}'
;
Policies for protecting resources using Just-in-Time access control for the subscription, location
SELECT
id,
name,
kind,
location,
properties,
systemData,
type
FROM azure.security.jit_network_access_policies
WHERE subscriptionId = '{{ subscriptionId }}' -- required
AND ascLocation = '{{ ascLocation }}' -- required
AND api-version = '{{ api-version }}'
;
Policies for protecting resources using Just-in-Time access control for the subscription, location
SELECT
id,
name,
kind,
location,
properties,
systemData,
type
FROM azure.security.jit_network_access_policies
WHERE subscriptionId = '{{ subscriptionId }}' -- required
AND resourceGroupName = '{{ resourceGroupName }}' -- required
AND api-version = '{{ api-version }}'
;
Policies for protecting resources using Just-in-Time access control.
SELECT
id,
name,
kind,
location,
properties,
systemData,
type
FROM azure.security.jit_network_access_policies
WHERE subscriptionId = '{{ subscriptionId }}' -- required
AND api-version = '{{ api-version }}'
;
INSERT examples
- create_or_update
- Manifest
Create a policy for protecting resources using Just-in-Time access control
INSERT INTO azure.security.jit_network_access_policies (
data__properties,
data__kind,
subscriptionId,
resourceGroupName,
ascLocation,
jitNetworkAccessPolicyName,
api-version
)
SELECT
'{{ properties }}' /* required */,
'{{ kind }}',
'{{ subscriptionId }}',
'{{ resourceGroupName }}',
'{{ ascLocation }}',
'{{ jitNetworkAccessPolicyName }}',
'{{ api-version }}'
RETURNING
id,
name,
kind,
location,
properties,
systemData,
type
;
# Description fields are for documentation purposes
- name: jit_network_access_policies
props:
- name: subscriptionId
value: string
description: Required parameter for the jit_network_access_policies resource.
- name: resourceGroupName
value: string
description: Required parameter for the jit_network_access_policies resource.
- name: ascLocation
value: string
description: Required parameter for the jit_network_access_policies resource.
- name: jitNetworkAccessPolicyName
value: string
description: Required parameter for the jit_network_access_policies resource.
- name: properties
value: object
- name: kind
value: string
description: |
Kind of the resource
- name: api-version
value: string
description: API version for the operation
DELETE examples
- delete
Delete a Just-in-Time access control policy.
DELETE FROM azure.security.jit_network_access_policies
WHERE subscriptionId = '{{ subscriptionId }}' --required
AND resourceGroupName = '{{ resourceGroupName }}' --required
AND ascLocation = '{{ ascLocation }}' --required
AND jitNetworkAccessPolicyName = '{{ jitNetworkAccessPolicyName }}' --required
AND api-version = '{{ api-version }}'
;
Lifecycle Methods
- initiate
Initiate a JIT access from a specific Just-in-Time policy configuration.
EXEC azure.security.jit_network_access_policies.initiate
@subscriptionId='{{ subscriptionId }}' --required,
@resourceGroupName='{{ resourceGroupName }}' --required,
@ascLocation='{{ ascLocation }}' --required,
@jitNetworkAccessPolicyName='{{ jitNetworkAccessPolicyName }}' --required,
@jitNetworkAccessPolicyInitiateType='{{ jitNetworkAccessPolicyInitiateType }}' --required,
@api-version='{{ api-version }}'
@@json=
'{
"virtualMachines": "{{ virtualMachines }}",
"justification": "{{ justification }}"
}'
;