Azure / AKS-Landing-Zone-Accelerator

Official repository for the AKS Landing Zone Accelerator program
MIT License

Policy question ESLZ platform foundation vs XXX Landing zone Accelerator #82

Open BartDecker opened 11 months ago

BartDecker commented 11 months ago

Quick question related to below quote.

The AKS Landing Zone Accelerator is only concerned with what gets deployed in the landing zone subscription highlighted by the red box in the picture above. It is assumed that an appropriate platform foundation is already set up, which may or may not be the official ESLZ platform foundation. This means that policies and governance should already be in place or should be set up after this implementation and are not a part of the scope of this reference implementation. The policies applied to management groups in the hierarchy above the subscription will trickle down to the AKS Landing Zone Accelerator landing zone subscription. Having a platform foundation is not mandatory, it just enhances it. The modularized approach used in this program allows the user to pick and choose whatever portion is useful to them. You don't have to use all the resources provided by this program.

I see that the AKS Landing Zone Accelerator has an x number of Kubernetes policies which are not part of the ESLZ platform foundation as deployed by Azure Landing Zones.

In the examples they are assigned to the resource group in which the AKS cluster lives.

Should the list of AKS policies in ESLZ platform be the same as the policies mentioned here? https://github.com/Azure/AKS-Landing-Zone-Accelerator/tree/main/Scenarios/Azure-Policy-ES-for-AKS

What I'm trying to understand in general is if all policies related to resources for which an application accelerator is available should be part of the platform foundation or if the application accelerator can be seen as providing an x number of policies on top of what platform foundation already deploys?

scarter-brighthealth commented 8 months ago

I have this exact question. I have used terraform-azurerm-caf-enterprise-scale for my core setup. I'm now ready to expand and add an AKS landing zone. However, I'm unsure exactly how this accelerator ties in with that setup. Could anyone on the team provide any further clarity into this?

I'm clear on how to create additional custom landing zones; my specific question relates to the additional policies listed in this accelerator. What is the correct method to incorporate these into the terraform-azurerm-caf-enterprise-scale module vs enabling them manually via PS or CLI?