From d48f96fef2d88f16cc4f74cf30fc31b4478fc430 Mon Sep 17 00:00:00 2001
From: gusmodena <44907284+gumoden@users.noreply.github.com>
Date: Wed, 11 Sep 2024 15:34:57 -0400
Subject: [PATCH 1/2] Create README.md for a new police for DDoS protection on AppGw

Create README.md for a new police for DDoS protection on AppGw
---
 .../README.md | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 Azure DDoS Protection/Policy - Azure Policy Definitions/Public IPs Associated with Azure Application Gateway Should Have DDoS Protection Enabled/README.md

diff --git a/Azure DDoS Protection/Policy - Azure Policy Definitions/Public IPs Associated with Azure Application Gateway Should Have DDoS Protection Enabled/README.md b/Azure DDoS Protection/Policy - Azure Policy Definitions/Public IPs Associated with Azure Application Gateway Should Have DDoS Protection Enabled/README.md
new file mode 100644
index 0000000..98a9993
--- /dev/null
+++ b/Azure DDoS Protection/Policy - Azure Policy Definitions/Public IPs Associated with Azure Application Gateway Should Have DDoS Protection Enabled/README.md
@@ -0,0 +1,3 @@
+## Public IPs Associated with Azure Application Gateway Should Have DDoS Protection Enabled
+
+This policy makes sure that Azure Application Gateway Public IPs are protected with Azure DDoS Protection.

From 145cf3718658d02c38f20591a3e3c8e86a4af8ae Mon Sep 17 00:00:00 2001
From: gusmodena <44907284+gumoden@users.noreply.github.com>
Date: Wed, 11 Sep 2024 15:44:15 -0400
Subject: [PATCH 2/2] new policy for appgw pips

New Azure Policy for enabling DDoS protection on Azure AppGw Public IPs
---
 ...y Should Have DDoS Protection Enabled.json | 59 +++++++++++++++++++
 1 file changed, 59 insertions(+)
 create mode 100644 Azure DDoS Protection/Policy - Azure Policy Definitions/Public IPs Associated with Azure Application Gateway Should Have DDoS Protection Enabled/Public IPs Associated with Azure Application Gateway Should Have DDoS Protection Enabled.json
diff --git a/Azure DDoS Protection/Policy - Azure Policy Definitions/Public IPs Associated with Azure Application Gateway Should Have DDoS Protection Enabled/Public IPs Associated with Azure Application Gateway Should Have DDoS Protection Enabled.json b/Azure DDoS Protection/Policy - Azure Policy Definitions/Public IPs Associated with Azure Application Gateway Should Have DDoS Protection Enabled/Public IPs Associated with Azure Application Gateway Should Have DDoS Protection Enabled.json
new file mode 100644
index 0000000..253cd2e
--- /dev/null
+++ b/Azure DDoS Protection/Policy - Azure Policy Definitions/Public IPs Associated with Azure Application Gateway Should Have DDoS Protection Enabled/Public IPs Associated with Azure Application Gateway Should Have DDoS Protection Enabled.json
@@ -0,0 +1,59 @@
+{
+ "properties": {
+ "displayName": "Public IPs Associated with Azure Application Gateway Should Have DDoS Protection Enabled",
+ "policyType": "Custom",
+ "mode": "All",
+ "description": "Public IPs Associated with Azure Application Gateway Should Have DDoS Protection Enabled.\n\nNote: The Policy checks if DDoS Protection (Virtual Network Inherited or IP Protection is enabled on all Public IP addresses. For Azure Firewall Public IP addresses that do not have DDoS Protection, a non compliance state is returned. ",
+ "metadata": {
+ "version": "1.0.0",
+ "category": "Network"
+ },
+ "version": "1.0.0",
+ "parameters": {
+ "effect": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Effect",
+ "description": "Enable or disable the execution of the policy"
+ },
+ "allowedValues": [
+ "Audit",
+ "Deny"
+ ],
+ "defaultValue": "Audit"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "field": "type",
+ "equals": "Microsoft.Network/publicIPAddresses"
+ },
+ {
+ "field": "Microsoft.Network/publicIPAddresses/ipConfiguration.id",
+ "contains": "/providers/Microsoft.Network/applicationGateways/"
+ },
+ {
+ "allOf": [
+ {
+ "field": "Microsoft.Network/publicIPAddresses/ddosSettings.protectionMode",
+ "notEquals": "Enabled"
+ },
+ {
+ "field": "Microsoft.Network/publicIPAddresses/ddosSettings.protectionMode",
+ "notEquals": "VirtualNetworkInherited"
+ }
+ ]
+ }
+ ]
+ },
+ "then": {
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "versions": [
+ "1.0.0"
+ ]
+ }
+}
\ No newline at end of file
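Review bot: The `description` string in this hunk still says "For Azure Firewall Public IP addresses" and has an unclosed parenthesis after "DDoS Protection (Virtual Network Inherited or IP Protection", so the text that operators read in the portal contradicts the `displayName` and the `contains` condition on `/providers/Microsoft.Network/applicationGateways/`; it looks like a carry-over from a sibling Firewall definition. Suggest `"description": "Public IPs Associated with Azure Application Gateway Should Have DDoS Protection Enabled.\n\nNote: The policy checks whether DDoS Protection (Virtual Network Inherited or IP Protection) is enabled on all Public IP addresses associated with an Application Gateway. For Application Gateway Public IP addresses that do not have DDoS Protection, a non-compliance state is returned."` (also dropping the trailing space). The version is recorded three times (`metadata.version`, top-level `version`, and `versions`), which will drift on the next bump unless the repository's other definitions follow the same triple convention. Since `ipConfiguration.id` is presumably populated only once the public IP is attached to a gateway, a `Deny` assignment may not block an unprotected IP that is created standalone and associated later — worth stating in the README as an evaluation-timing caveat and confirming against a test assignment.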