Governance Policies Azure Networking Traffic Manager - Azure/az-prototype GitHub Wiki
Governance policies for Traffic Manager
Domain: azure-networking
| Name | Description |
|---|---|
| Traffic Manager with Performance routing and HTTPS monitoring | Multi-region failover with Performance routing and health probes |

| Description | Instead |
|---|---|
| Do not use HTTP health monitoring for production endpoints | Always use HTTPS monitoring with a proper health check path |
| Do not use Traffic Manager with a single endpoint | Use at least two endpoints in different regions for high availability |

| Check | Severity | Description |
|---|---|---|
| AZ-TM-001 | Required | Configure Traffic Manager profile with appropriate routing method and HTTPS monitoring |
| AZ-TM-002 | Required | Configure endpoints with proper priority and geographic constraints |
| AZ-TM-003 | Recommended | Enable diagnostic settings for Traffic Manager profile |
| AZ-TM-004 | Recommended | Use nested profiles for complex routing topologies |

Configure Traffic Manager profile with appropriate routing method and HTTPS monitoring
Severity: Required
Rationale: HTTPS monitoring ensures endpoints are reachable and TLS is functional; the routing method must match the traffic pattern
Agents: terraform-agent, bicep-agent, cloud-architect
- Microsoft.Network/trafficManagerProfiles

| Resource | Name | Purpose |
|---|---|---|
| Microsoft.Network/trafficManagerProfiles/azureEndpoints | ep-azure | Azure endpoint definitions |
| Microsoft.Network/trafficManagerProfiles/externalEndpoints | ep-external | External endpoint definitions |
| Microsoft.Insights/diagnosticSettings | diag-udr | Route logs to Log Analytics |

Configure endpoints with proper priority and geographic constraints
Severity: Required
Rationale: Endpoint configuration determines traffic distribution and failover behavior
Agents: terraform-agent, bicep-agent, cloud-architect
- Microsoft.Network/trafficManagerProfiles

| Resource | Name | Purpose |
|---|---|---|
| Microsoft.Network/trafficManagerProfiles | tm-profile | Parent profile |
| Microsoft.Web/sites | app | Target resources |

Enable diagnostic settings for Traffic Manager profile
Severity: Recommended
Rationale: Monitor endpoint health probe results and DNS query patterns
Agents: terraform-agent, bicep-agent, cloud-architect, monitoring-agent
- Microsoft.Network/trafficManagerProfiles

| Resource | Name | Purpose |
|---|---|---|
| Microsoft.OperationalInsights/workspaces | log-analytics | Log Analytics workspace |

Use nested profiles for complex routing topologies
Severity: Recommended
Rationale: Nested profiles allow combining routing methods (e.g., Performance at top, Weighted at region level)
Agents: terraform-agent, bicep-agent, cloud-architect
- Microsoft.Network/trafficManagerProfiles

| Resource | Name | Purpose |
|---|---|---|
| Microsoft.Network/trafficManagerProfiles | tm-child | Child profile |
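
The AZ-TM-001 check and the two anti-patterns (HTTP health monitoring, a single endpoint) can be linted before deployment. The following is an added example, not code from the az-prototype project: it assumes the profile is supplied as ARM-style JSON with `endpointLocation` populated on each endpoint, and the function name `lint_profile`, the finding labels and both sample profiles are constructed for illustration.

```python
# Added example: lint one Traffic Manager profile (ARM JSON shape) against
# AZ-TM-001 and the two anti-patterns. All sample data below is constructed.
ROUTING_METHODS = {"Performance", "Priority", "Weighted", "Geographic",
                   "MultiValue", "Subnet"}


def lint_profile(profile):
    """Return a list of finding strings; an empty list means compliant."""
    props = profile.get("properties", {})
    monitor = props.get("monitorConfig", {})
    findings = []
    if props.get("trafficRoutingMethod") not in ROUTING_METHODS:
        findings.append("AZ-TM-001: routing method missing or unknown")
    if str(monitor.get("protocol", "")).upper() != "HTTPS":
        findings.append("AZ-TM-001: health monitoring is not HTTPS")
    if not str(monitor.get("path") or "").startswith("/"):
        findings.append("AZ-TM-001: no health check path configured")
    # Only endpoints that can receive traffic count toward availability.
    enabled = [e.get("properties", {}) for e in props.get("endpoints", [])
               if e.get("properties", {}).get("endpointStatus", "Enabled") == "Enabled"]
    # Endpoints without a location are treated as "region unknown".
    regions = {p["endpointLocation"].lower() for p in enabled
               if p.get("endpointLocation")}
    if len(enabled) < 2:
        findings.append("ANTI-PATTERN: fewer than two enabled endpoints")
    elif len(regions) < 2:
        findings.append("ANTI-PATTERN: endpoints are not in two distinct regions")
    return findings


def _endpoint(name, region, status="Enabled"):
    """Build a constructed endpoint entry for the sample profiles."""
    return {"name": name, "properties": {"endpointLocation": region,
                                         "endpointStatus": status}}


# Constructed profile that violates the policy: HTTP probe, one live endpoint.
WEAK = {"name": "tm-weak", "properties": {
    "trafficRoutingMethod": "Performance",
    "monitorConfig": {"protocol": "HTTP", "port": 80, "path": "/"},
    "endpoints": [_endpoint("ep-azure", "westeurope"),
                  _endpoint("ep-external", "northeurope", "Disabled")]}}

# Constructed profile that follows the documented pattern.
HARDENED = {"name": "tm-profile", "properties": {
    "trafficRoutingMethod": "Performance",
    "monitorConfig": {"protocol": "HTTPS", "port": 443, "path": "/healthz"},
    "endpoints": [_endpoint("ep-azure", "westeurope"),
                  _endpoint("ep-external", "eastus")]}}

if __name__ == "__main__":
    for p in (WEAK, HARDENED):
        print(p["name"], lint_profile(p) or "compliant")
```

A disabled endpoint does not count toward the two-endpoint minimum, since it cannot take traffic during a failover.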