Родитель
500a71ebd0
Коммит
a498afb287
15
CHANGELOG.md
15
CHANGELOG.md
|
@ -2,14 +2,19 @@
|
|||
|
||||
## Unreleased
|
||||
|
||||
- Added new rules for Traffic Manager:
|
||||
- Check web-based endpoints are monitored with HTTPS. [#240](https://github.com/Microsoft/PSRule.Rules.Azure/issues/240)
|
||||
- Check at least two endpoints are enabled. [#241](https://github.com/Microsoft/PSRule.Rules.Azure/issues/241)
|
||||
|
||||
## v0.9.0-B2002019 (pre-release)
|
||||
|
||||
- Added new rule to check Azure Firewall threat intelligence is configured as deny. [#266](https://github.com/Microsoft/PSRule.Rules.Azure/issues/266)
|
||||
- Added new rule to check Front Door is enabled. [#267](https://github.com/Microsoft/PSRule.Rules.Azure/issues/267)
|
||||
- Added new rule to check Front Door uses TLS 1.2. [#268](https://github.com/Microsoft/PSRule.Rules.Azure/issues/268)
|
||||
- Added new rule to check Front Door uses WAF. [#269](https://github.com/Microsoft/PSRule.Rules.Azure/issues/269)
|
||||
- Added new rule to check Front Door WAF policy is configured in prevention mode. [#271](https://github.com/Microsoft/PSRule.Rules.Azure/issues/271)
|
||||
- Added new rule to check Front Door WAF policy is enabled. [#270](https://github.com/Microsoft/PSRule.Rules.Azure/issues/270)
|
||||
- Added new rules for Front Door:
|
||||
- Check Front Door is enabled. [#267](https://github.com/Microsoft/PSRule.Rules.Azure/issues/267)
|
||||
- Check Front Door uses TLS 1.2. [#268](https://github.com/Microsoft/PSRule.Rules.Azure/issues/268)
|
||||
- Check Front Door has a configured WAF policy. [#269](https://github.com/Microsoft/PSRule.Rules.Azure/issues/269)
|
||||
- Check Front Door WAF policy is configured in prevention mode. [#271](https://github.com/Microsoft/PSRule.Rules.Azure/issues/271)
|
||||
- Check Front Door WAF policy is enabled. [#270](https://github.com/Microsoft/PSRule.Rules.Azure/issues/270)
|
||||
|
||||
## v0.9.0-B2002011 (pre-release)
|
||||
|
||||
|
|
|
@ -0,0 +1,29 @@
|
|||
---
|
||||
severity: Single point of failure
|
||||
category: Reliability
|
||||
resource: Traffic Manager
|
||||
online version: https://github.com/Microsoft/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.TrafficManager.Endpoints.md
|
||||
---
|
||||
|
||||
# Use at least two Traffic Manager endpoints
|
||||
|
||||
## SYNOPSIS
|
||||
|
||||
Traffic Manager should use at lest two enabled endpoints.
|
||||
|
||||
## DESCRIPTION
|
||||
|
||||
Traffic Manager is a DNS service that enables you to distribute traffic to improve availability and responsiveness.
|
||||
Traffic is distributed across endpoints, which can be located in different availability zones and regions.
|
||||
|
||||
When only one enabled endpoint exists, routing for high availability and/ or responsiveness is not possible.
|
||||
|
||||
## RECOMMENDATION
|
||||
|
||||
Consider adding additional endpoints or enabling disabled endpoints.
|
||||
Also consider, using endpoints deployed across different regions to provide high availability.
|
||||
|
||||
## LINKS
|
||||
|
||||
- [What is Traffic Manager?](https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-overview)
|
||||
- [How Traffic Manager Works](https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-how-it-works)
|
|
@ -0,0 +1,34 @@
|
|||
---
|
||||
severity: Important
|
||||
category: Security configuration
|
||||
resource: Traffic Manager
|
||||
online version: https://github.com/Microsoft/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.TrafficManager.Protocol.md
|
||||
---
|
||||
|
||||
# Use HTTPS to monitor web-based endpoints
|
||||
|
||||
## SYNOPSIS
|
||||
|
||||
Monitor Traffic Manager web-based endpoints with HTTPS.
|
||||
|
||||
## DESCRIPTION
|
||||
|
||||
Traffic Manager can use TCP, HTTP or HTTPS to monitor endpoint health.
|
||||
For web-based endpoints use HTTPS.
|
||||
|
||||
If TCP is used, Traffic Manager only checks that it can open a TCP port on the endpoint.
|
||||
This alone does not indicate that the endpoint is operational and ready to receive requests.
|
||||
Additionally when using HTTP and HTTPS, Traffic Manager check HTTP response codes.
|
||||
|
||||
If HTTP is used, Traffic Manager will send unencrypted health checks to the endpoint.
|
||||
HTTPS-based health checks additionally check if a certificate is present,
|
||||
but do not validate if the certificate is valid.
|
||||
|
||||
## RECOMMENDATION
|
||||
|
||||
Consider using HTTPS to monitor web-based endpoint health.
|
||||
HTTPS-based monitoring improves security and increases accuracy of health probes.
|
||||
|
||||
## LINKS
|
||||
|
||||
- [Traffic Manager endpoint monitoring](https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-monitoring)
|
|
@ -11,7 +11,7 @@ Name | Synopsis | Severity
|
|||
[Azure.VM.DiskAttached](Azure.VM.DiskAttached.md) | Managed disks should be attached to virtual machines. | Awareness
|
||||
[Azure.VM.DiskSizeAlignment](Azure.VM.DiskSizeAlignment.md) | Managed disk is smaller than SKU size. | Awareness
|
||||
[Azure.VM.PromoSku](Azure.VM.PromoSku.md) | Virtual machines (VMs) should not use expired promotional SKU. | Awareness
|
||||
[Azure.VM.UseHybridUseBenefit](Azure.VM.UseHybridUseBenefit.md) | Use Hybrid Use Benefit. | Awareness
|
||||
[Azure.VM.UseHybridUseBenefit](Azure.VM.UseHybridUseBenefit.md) | Use Hybrid Use Benefit (HUB) for applicable virtual machine (VM) workloads. | Awareness
|
||||
|
||||
### Data recovery
|
||||
|
||||
|
@ -65,10 +65,11 @@ Name | Synopsis | Severity
|
|||
[Azure.AppService.PlanInstanceCount](Azure.AppService.PlanInstanceCount.md) | Use an App Service Plan with at least two (2) instances. | Single point of failure
|
||||
[Azure.NSG.DenyAllInbound](Azure.NSG.DenyAllInbound.md) | Avoid denying all inbound traffic. | Important
|
||||
[Azure.Storage.UseReplication](Azure.Storage.UseReplication.md) | Storage accounts not using GRS may be at risk. | Single point of failure
|
||||
[Azure.TrafficManager.Endpoints](Azure.TrafficManager.Endpoints.md) | Traffic Manager should use at lest two enabled endpoints. | Single point of failure
|
||||
[Azure.VM.ASAlignment](Azure.VM.ASAlignment.md) | Availability sets should be aligned. | Single point of failure
|
||||
[Azure.VM.ASMinMembers](Azure.VM.ASMinMembers.md) | Availability sets should be deployed with at least two members. | Single point of failure
|
||||
[Azure.VM.Standalone](Azure.VM.Standalone.md) | VMs must use premium disks or use availability sets/ zones to meet SLA requirements. | Single point of failure
|
||||
[Azure.VM.UseManagedDisks](Azure.VM.UseManagedDisks.md) | Virtual machines should use managed disks. | Single point of failure
|
||||
[Azure.VM.UseManagedDisks](Azure.VM.UseManagedDisks.md) | Virtual machines (VMs) should use managed disks. | Single point of failure
|
||||
[Azure.VNET.LocalDNS](Azure.VNET.LocalDNS.md) | Virtual networks (VNETs) should use Azure local DNS servers. | Important
|
||||
[Azure.VNET.SingleDNS](Azure.VNET.SingleDNS.md) | VNETs should have at least two DNS servers assigned. | Single point of failure
|
||||
|
||||
|
@ -123,7 +124,7 @@ Name | Synopsis | Severity
|
|||
[Azure.MySQL.AllowAzureAccess](Azure.MySQL.AllowAzureAccess.md) | Determine if access from Azure services is required. | Important
|
||||
[Azure.MySQL.FirewallIPRange](Azure.MySQL.FirewallIPRange.md) | Determine if there is an excessive number of permitted IP addresses. | Important
|
||||
[Azure.MySQL.UseSSL](Azure.MySQL.UseSSL.md) | Enforce encrypted MySQL connections. | Critical
|
||||
[Azure.NSG.AnyInboundSource](Azure.NSG.AnyInboundSource.md) | Network security groups should avoid any inbound rules. | Critical
|
||||
[Azure.NSG.AnyInboundSource](Azure.NSG.AnyInboundSource.md) | Network security groups (NSGs) should avoid rules that allow any inbound source. | Critical
|
||||
[Azure.NSG.LateralTraversal](Azure.NSG.LateralTraversal.md) | Deny outbound management connections from non-management hosts. | Important
|
||||
[Azure.PostgreSQL.AllowAzureAccess](Azure.PostgreSQL.AllowAzureAccess.md) | Determine if access from Azure services is required. | Important
|
||||
[Azure.PostgreSQL.FirewallIPRange](Azure.PostgreSQL.FirewallIPRange.md) | Determine if there is an excessive number of permitted IP addresses. | Important
|
||||
|
@ -136,6 +137,7 @@ Name | Synopsis | Severity
|
|||
[Azure.SQL.ThreatDetection](Azure.SQL.ThreatDetection.md) | Enable Advanced Thread Protection for Azure SQL logical server. | Important
|
||||
[Azure.Storage.SecureTransfer](Azure.Storage.SecureTransfer.md) | Storage accounts should only accept encrypted connections. | Important
|
||||
[Azure.Storage.UseEncryption](Azure.Storage.UseEncryption.md) | Storage Service Encryption (SSE) should be enabled. | Important
|
||||
[Azure.TrafficManager.Protocol](Azure.TrafficManager.Protocol.md) | Monitor Traffic Manager web-based endpoints with HTTPS. | Important
|
||||
[Azure.VM.ADE](Azure.VM.ADE.md) | Use Azure Disk Encryption. | Important
|
||||
[Azure.VM.PublicKey](Azure.VM.PublicKey.md) | Linux virtual machines should use public keys. | Important
|
||||
[Azure.VNET.UseNSGs](Azure.VNET.UseNSGs.md) | Subnets should have NSGs assigned. | Critical
|
||||
|
|
|
@ -146,7 +146,7 @@ task VersionModule ModuleDependencies, {
|
|||
$manifest = Test-ModuleManifest -Path $manifestPath;
|
||||
$requiredModules = $manifest.RequiredModules | ForEach-Object -Process {
|
||||
if ($_.Name -eq 'PSRule' -and $Configuration -eq 'Release') {
|
||||
@{ ModuleName = 'PSRule'; ModuleVersion = '0.13.0' }
|
||||
@{ ModuleName = 'PSRule'; ModuleVersion = '0.14.0' }
|
||||
}
|
||||
else {
|
||||
@{ ModuleName = $_.Name; ModuleVersion = $_.Version }
|
||||
|
|
|
@ -14,4 +14,5 @@
|
|||
ServiceUrlNotHttps = "The service URL for '{0}' is not a HTTPS endpoint."
|
||||
BackendUrlNotHttps = "The backend URL for '{0}' is not a HTTPS endpoint."
|
||||
ResourceNotAssociated = "The resource is not associated."
|
||||
EnabledEndpoints = "The number of enabled endpoints is {0}."
|
||||
}
|
||||
|
|
|
@ -0,0 +1,25 @@
|
|||
# Copyright (c) Microsoft Corporation.
|
||||
# Licensed under the MIT License.
|
||||
|
||||
#
|
||||
# Validation rules for Traffic Manager resources
|
||||
#
|
||||
|
||||
# Synopsis: Traffic Manager should use at lest two enabled endpoints
|
||||
Rule 'Azure.TrafficManager.Endpoints' -Type 'Microsoft.Network/trafficManagerProfiles' -Tag @{ release = 'GA' } {
|
||||
$endpoints = @($TargetObject.Properties.endpoints | Where-Object { $_.Properties.endpointStatus -eq 'Enabled'});
|
||||
$Assert.Create($endpoints.Length -ge 2, ($LocalizedData.EnabledEndpoints -f $endpoints.Length))
|
||||
}
|
||||
|
||||
# Synopsis: Monitor Traffic Manager endpoints with HTTPS
|
||||
Rule 'Azure.TrafficManager.Protocol' -Type 'Microsoft.Network/trafficManagerProfiles' -If { (IsHttpMonitor) } -Tag @{ release = 'GA' } {
|
||||
$Assert.HasFieldValue($TargetObject, 'Properties.monitorConfig.protocol', 'HTTPS');
|
||||
}
|
||||
|
||||
function global:IsHttpMonitor {
|
||||
[CmdletBinding()]
|
||||
param ()
|
||||
process {
|
||||
return $TargetObject.Properties.monitorConfig.port -in 80, 443;
|
||||
}
|
||||
}
|
|
@ -0,0 +1,76 @@
|
|||
# Copyright (c) Microsoft Corporation.
|
||||
# Licensed under the MIT License.
|
||||
|
||||
#
|
||||
# Unit tests for Traffic Manager rules
|
||||
#
|
||||
|
||||
[CmdletBinding()]
|
||||
param (
|
||||
|
||||
)
|
||||
|
||||
# Setup error handling
|
||||
$ErrorActionPreference = 'Stop';
|
||||
Set-StrictMode -Version latest;
|
||||
|
||||
if ($Env:SYSTEM_DEBUG -eq 'true') {
|
||||
$VerbosePreference = 'Continue';
|
||||
}
|
||||
|
||||
# Setup tests paths
|
||||
$rootPath = $PWD;
|
||||
Import-Module (Join-Path -Path $rootPath -ChildPath out/modules/PSRule.Rules.Azure) -Force;
|
||||
$here = (Resolve-Path $PSScriptRoot).Path;
|
||||
|
||||
Describe 'Azure.TrafficManager' -Tag 'TrafficManager' {
|
||||
$dataPath = Join-Path -Path $here -ChildPath 'Resources.TrafficManager.json';
|
||||
|
||||
Context 'Conditions' {
|
||||
$invokeParams = @{
|
||||
Baseline = 'Azure.All'
|
||||
Module = 'PSRule.Rules.Azure'
|
||||
WarningAction = 'Ignore'
|
||||
ErrorAction = 'Stop'
|
||||
}
|
||||
$result = Invoke-PSRule @invokeParams -InputPath $dataPath -Outcome All;
|
||||
|
||||
It 'Azure.TrafficManager.Endpoints' {
|
||||
$filteredResult = $result | Where-Object { $_.RuleName -eq 'Azure.TrafficManager.Endpoints' };
|
||||
|
||||
# Fail
|
||||
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' });
|
||||
$ruleResult | Should -Not -BeNullOrEmpty;
|
||||
$ruleResult.Length | Should -Be 2;
|
||||
$ruleResult.TargetName | Should -Be 'profile-B', 'profile-C';
|
||||
|
||||
# Pass
|
||||
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' });
|
||||
$ruleResult | Should -Not -BeNullOrEmpty;
|
||||
$ruleResult.Length | Should -Be 1;
|
||||
$ruleResult.TargetName | Should -Be 'profile-A';
|
||||
}
|
||||
|
||||
It 'Azure.TrafficManager.Protocol' {
|
||||
$filteredResult = $result | Where-Object { $_.RuleName -eq 'Azure.TrafficManager.Protocol' };
|
||||
|
||||
# Fail
|
||||
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' });
|
||||
$ruleResult | Should -Not -BeNullOrEmpty;
|
||||
$ruleResult.Length | Should -Be 1;
|
||||
$ruleResult.TargetName | Should -Be 'profile-A';
|
||||
|
||||
# Pass
|
||||
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' });
|
||||
$ruleResult | Should -Not -BeNullOrEmpty;
|
||||
$ruleResult.Length | Should -Be 1;
|
||||
$ruleResult.TargetName | Should -Be 'profile-C';
|
||||
|
||||
# None
|
||||
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'None' });
|
||||
$ruleResult | Should -Not -BeNullOrEmpty;
|
||||
$ruleResult.Length | Should -Be 1;
|
||||
$ruleResult.TargetName | Should -Be 'profile-B';
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,198 @@
|
|||
[
|
||||
{
|
||||
"ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-test/providers/Microsoft.Network/trafficManagerProfiles/profile-A",
|
||||
"Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-test/providers/Microsoft.Network/trafficManagerProfiles/profile-A",
|
||||
"Identity": null,
|
||||
"Kind": null,
|
||||
"Location": "global",
|
||||
"ManagedBy": null,
|
||||
"ResourceName": "profile-A",
|
||||
"Name": "profile-A",
|
||||
"Properties": {
|
||||
"profileStatus": "Enabled",
|
||||
"trafficRoutingMethod": "Geographic",
|
||||
"dnsConfig": {
|
||||
"relativeName": "profile-A",
|
||||
"fqdn": "profile-A.trafficmanager.net",
|
||||
"ttl": 60
|
||||
},
|
||||
"monitorConfig": {
|
||||
"profileMonitorStatus": "Degraded",
|
||||
"protocol": "HTTP",
|
||||
"port": 80,
|
||||
"path": "/",
|
||||
"intervalInSeconds": 30,
|
||||
"toleratedNumberOfFailures": 3,
|
||||
"timeoutInSeconds": 10
|
||||
},
|
||||
"endpoints": [
|
||||
{
|
||||
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-test/providers/Microsoft.Network/trafficManagerProfiles/profile-A/externalEndpoints/endpoint-A",
|
||||
"name": "endpoint-A",
|
||||
"type": "Microsoft.Network/trafficManagerProfiles/externalEndpoints",
|
||||
"properties": {
|
||||
"endpointStatus": "Enabled",
|
||||
"endpointMonitorStatus": "Degraded",
|
||||
"target": "endpoint-A01.azureedge.net",
|
||||
"weight": 1,
|
||||
"priority": 1,
|
||||
"endpointLocation": null,
|
||||
"geoMapping": [
|
||||
"WORLD"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-test/providers/Microsoft.Network/trafficManagerProfiles/profile-A/externalEndpoints/endpoint-B",
|
||||
"name": "endpoint-B",
|
||||
"type": "Microsoft.Network/trafficManagerProfiles/externalEndpoints",
|
||||
"properties": {
|
||||
"endpointStatus": "Enabled",
|
||||
"endpointMonitorStatus": "Degraded",
|
||||
"target": "endpoint-B01.azureedge.net",
|
||||
"weight": 1,
|
||||
"priority": 1,
|
||||
"endpointLocation": null,
|
||||
"geoMapping": [
|
||||
"WORLD"
|
||||
]
|
||||
}
|
||||
}
|
||||
],
|
||||
"trafficViewEnrollmentStatus": "Disabled",
|
||||
"maxReturn": 0
|
||||
},
|
||||
"ResourceGroupName": "rg-test",
|
||||
"Type": "Microsoft.Network/trafficManagerProfiles",
|
||||
"ResourceType": "Microsoft.Network/trafficManagerProfiles",
|
||||
"ExtensionResourceType": null,
|
||||
"Sku": null,
|
||||
"Tags": {},
|
||||
"SubscriptionId": "00000000-0000-0000-0000-000000000000"
|
||||
},
|
||||
{
|
||||
"ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-test/providers/Microsoft.Network/trafficManagerProfiles/profile-B",
|
||||
"Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-test/providers/Microsoft.Network/trafficManagerProfiles/profile-B",
|
||||
"Identity": null,
|
||||
"Kind": null,
|
||||
"Location": "global",
|
||||
"ManagedBy": null,
|
||||
"ResourceName": "profile-B",
|
||||
"Name": "profile-B",
|
||||
"Properties": {
|
||||
"profileStatus": "Enabled",
|
||||
"trafficRoutingMethod": "Geographic",
|
||||
"dnsConfig": {
|
||||
"relativeName": "profile-B",
|
||||
"fqdn": "profile-B.trafficmanager.net",
|
||||
"ttl": 60
|
||||
},
|
||||
"monitorConfig": {
|
||||
"profileMonitorStatus": "Degraded",
|
||||
"protocol": "TCP",
|
||||
"port": 1433,
|
||||
"intervalInSeconds": 30,
|
||||
"toleratedNumberOfFailures": 3,
|
||||
"timeoutInSeconds": 10
|
||||
},
|
||||
"endpoints": [
|
||||
{
|
||||
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-test/providers/Microsoft.Network/trafficManagerProfiles/profile-B/externalEndpoints/endpoint-A",
|
||||
"name": "endpoint-A",
|
||||
"type": "Microsoft.Network/trafficManagerProfiles/externalEndpoints",
|
||||
"properties": {
|
||||
"endpointStatus": "Enabled",
|
||||
"endpointMonitorStatus": "Degraded",
|
||||
"target": "endpoint-A01.azureedge.net",
|
||||
"weight": 1,
|
||||
"priority": 1,
|
||||
"endpointLocation": null,
|
||||
"geoMapping": [
|
||||
"WORLD"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-test/providers/Microsoft.Network/trafficManagerProfiles/profile-B/externalEndpoints/endpoint-B",
|
||||
"name": "endpoint-B",
|
||||
"type": "Microsoft.Network/trafficManagerProfiles/externalEndpoints",
|
||||
"properties": {
|
||||
"endpointStatus": "Disabled",
|
||||
"endpointMonitorStatus": "Degraded",
|
||||
"target": "endpoint-B01.azureedge.net",
|
||||
"weight": 1,
|
||||
"priority": 1,
|
||||
"endpointLocation": null,
|
||||
"geoMapping": [
|
||||
"WORLD"
|
||||
]
|
||||
}
|
||||
}
|
||||
],
|
||||
"trafficViewEnrollmentStatus": "Disabled",
|
||||
"maxReturn": 0
|
||||
},
|
||||
"ResourceGroupName": "rg-test",
|
||||
"Type": "Microsoft.Network/trafficManagerProfiles",
|
||||
"ResourceType": "Microsoft.Network/trafficManagerProfiles",
|
||||
"ExtensionResourceType": null,
|
||||
"Sku": null,
|
||||
"Tags": {},
|
||||
"SubscriptionId": "00000000-0000-0000-0000-000000000000"
|
||||
},
|
||||
{
|
||||
"ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-test/providers/Microsoft.Network/trafficManagerProfiles/profile-C",
|
||||
"Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-test/providers/Microsoft.Network/trafficManagerProfiles/profile-C",
|
||||
"Identity": null,
|
||||
"Kind": null,
|
||||
"Location": "global",
|
||||
"ManagedBy": null,
|
||||
"ResourceName": "profile-C",
|
||||
"Name": "profile-C",
|
||||
"Properties": {
|
||||
"profileStatus": "Enabled",
|
||||
"trafficRoutingMethod": "Geographic",
|
||||
"dnsConfig": {
|
||||
"relativeName": "profile-C",
|
||||
"fqdn": "profile-C.trafficmanager.net",
|
||||
"ttl": 60
|
||||
},
|
||||
"monitorConfig": {
|
||||
"profileMonitorStatus": "Degraded",
|
||||
"protocol": "HTTPS",
|
||||
"port": 443,
|
||||
"path": "/",
|
||||
"intervalInSeconds": 30,
|
||||
"toleratedNumberOfFailures": 3,
|
||||
"timeoutInSeconds": 10
|
||||
},
|
||||
"endpoints": [
|
||||
{
|
||||
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-test/providers/Microsoft.Network/trafficManagerProfiles/profile-C/externalEndpoints/endpoint-A",
|
||||
"name": "endpoint-A",
|
||||
"type": "Microsoft.Network/trafficManagerProfiles/externalEndpoints",
|
||||
"properties": {
|
||||
"endpointStatus": "Enabled",
|
||||
"endpointMonitorStatus": "Degraded",
|
||||
"target": "endpoint-A01.azureedge.net",
|
||||
"weight": 1,
|
||||
"priority": 1,
|
||||
"endpointLocation": null,
|
||||
"geoMapping": [
|
||||
"WORLD"
|
||||
]
|
||||
}
|
||||
}
|
||||
],
|
||||
"trafficViewEnrollmentStatus": "Disabled",
|
||||
"maxReturn": 0
|
||||
},
|
||||
"ResourceGroupName": "rg-test",
|
||||
"Type": "Microsoft.Network/trafficManagerProfiles",
|
||||
"ResourceType": "Microsoft.Network/trafficManagerProfiles",
|
||||
"ExtensionResourceType": null,
|
||||
"Sku": null,
|
||||
"Tags": {},
|
||||
"SubscriptionId": "00000000-0000-0000-0000-000000000000"
|
||||
}
|
||||
]
|
Загрузка…
Ссылка в новой задаче