https://github.com/davidmoremad/azure-security-templates
Useful templates of security policies, roles and runbooks to protect your Azure account
https://github.com/davidmoremad/azure-security-templates
azure cloud-security security
Last synced: 10 months ago
JSON representation
Useful templates of security policies, roles and runbooks to protect your Azure account
- Host: GitHub
- URL: https://github.com/davidmoremad/azure-security-templates
- Owner: davidmoremad
- License: apache-2.0
- Created: 2022-04-12T15:14:07.000Z (about 4 years ago)
- Default Branch: main
- Last Pushed: 2023-09-22T13:16:41.000Z (almost 3 years ago)
- Last Synced: 2024-11-15T09:50:00.623Z (over 1 year ago)
- Topics: azure, cloud-security, security
- Language: PowerShell
- Homepage:
- Size: 11.7 KB
- Stars: 3
- Watchers: 2
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# azure-security-templates
Useful templates of security policies, roles and runbooks to protect your Azure account
---
## Policies
I've added just 4 policies to start with, but I'll be adding more as I go along.
⚠️ Remember: You need to edit these policies to add your own values.
Editable values are clearly marked.
* [Deny owner & contributor roles](policies/deny_owner_contributor_role.json)
* [Deny public critical ports](policies/deny_public_critical_ports.json)
* [Deny service principal with owner role](policies/deny_service_principal_with_owner_role.json)
* [Limit maximum users (3) with owner role](policies/limit_max_3_user_with_owner_role.json)
## Runbooks
In order to prevent most common security issues, I've added some runbooks to automate some tasks.
⚠️ Remember: You need to edit the runbooks to add your own values.
Editable values are at the top of the file with a comment.
* [update_exposed_ssh_rdp.ps1](runbooks/update_exposed_ssh_rdp.ps1)
* [update_users_with_admin_roles.ps1](runbooks/update_users_with_admin_roles.ps1)
## Roles
I've added just 2 roles to start with, but I'll be adding more as I go along.
* [Owner sec](roles/owner-sec.json)
* [Contributor sec](roles/contributor-sec.json)
These roles are based on the default owner and contributor roles, but with some restrictions added. **Anyway these are not safe at all** but they are better than the default ones.
I'll be adding safer roles like: `Developer`, `Devops`, `Product Owner` or `Security Auditor`.