Purge Protect App Configuration Stores#
Reliability · App Configuration · Rule · 2022_12 · Important
Consider purge protection for app configuration store to ensure store cannot be purged in the retention period.
Description#
With purge protection enabled, soft deleted stores can't be purged in the retention period. If disabled, the soft deleted store can be purged before the retention period expires. Once purge protection is enabled on a store, it can't be disabled.
Purge protection is only available for configuration stores that use the standard SKU.
Recommendation#
Consider enabling purge protection for app configuration stores.
Examples#
Configure with Azure template#
To deploy App Configuration Stores that pass this rule:
- Set the
properties.enablePurgeProtection
property totrue
.
For example:
{
"type": "Microsoft.AppConfiguration/configurationStores",
"apiVersion": "2023-03-01",
"name": "[parameters('name')]",
"location": "[parameters('location')]",
"sku": {
"name": "standard"
},
"properties": {
"disableLocalAuth": true,
"enablePurgeProtection": true,
"publicNetworkAccess": "Disabled"
}
}
Configure with Bicep#
To deploy App Configuration Stores that pass this rule:
- Set the
properties.enablePurgeProtection
property totrue
.
For example:
resource store 'Microsoft.AppConfiguration/configurationStores@2023-03-01' = {
name: name
location: location
sku: {
name: 'standard'
}
properties: {
disableLocalAuth: true
enablePurgeProtection: true
publicNetworkAccess: 'Disabled'
}
}
Configure with Bicep Public Registry#
To deploy App Configuration Stores that pass this rule:
- Set the
params.enablePurgeProtection
parameter totrue
.
For example:
module br_public_store 'br/public:app/app-configuration:1.1.2' = {
name: 'store'
params: {
skuName: 'Standard'
disableLocalAuth: true
enablePurgeProtection: true
publicNetworkAccess: 'Disabled'
replicas: [
{
name: 'eastus'
location: 'eastus'
}
]
}
}