Closed gsuttie closed 3 months ago
Hey @gsuttie,
Can you share the module declaration code you are using and what version of the module?
Maybe via a gist or here as a comment so we can try and repro?
Module code I'm using is from policyAssignmentManagementGroup.bicep
And I am calling from PowerShell like so:-
```powershell
az deployment mg create `
  --name $deploymentID `
  --location $primaryLocation `
  --management-group-id 'mg-Production' `
  --template-file ./policyAssignmentManagementGroup.bicep `
  --parameters ./policyAssignmentManagementGroup.bicepparam `
  --confirm-with-what-if `
  --output none
```
Here is my bicepparameters file
```bicep
using 'policyAssignmentManagementGroup.bicep'

param parPolicyAssignmentName = 'Iso27001'
param parPolicyAssignmentDisplayName = 'ISO 27001-2013'
param parPolicyAssignmentDescription = 'This policy assignment is for ISO 27001-2013'
param parPolicyAssignmentDefinitionId = '/providers/Microsoft.Authorization/policySetDefinitions/89c6cddc-1c73-4ac1-b19c-54d1a15a42f2'
param parPolicyAssignmentParameters = {}
param parPolicyAssignmentParameterOverrides = {}
//param parPolicyAssignmentNonComplianceMessages nonComplianceMessageType = []
param parPolicyAssignmentNotScopes = []
param parPolicyAssignmentEnforcementMode = 'Default'
param parPolicyAssignmentOverrides = []
param parPolicyAssignmentResourceSelectors = []
param parPolicyAssignmentIdentityType = 'SystemAssigned'
param parPolicyAssignmentIdentityRoleAssignmentsAdditionalMgs = ['mg-Test', 'mg-PreProduction']
param parPolicyAssignmentIdentityRoleAssignmentsSubs = []
param parPolicyAssignmentIdentityRoleAssignmentsResourceGroups = []
param parPolicyAssignmentIdentityRoleDefinitionIds = []
```
Ah, I see what this is now.
This module assigns a policy only to a single management group but it will allow you to assign a managed identity associated to the policy assignment for remediation to many scopes as this is a common requirement in ALZ.
So if you want the policy assigned to many management groups you need to call the module once for each assignment scope.
Hope that clears it up.
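Calling the module once per assignment scope, as described in the reply above, can be scripted as a loop. This is an added example, not code from the thread or from ALZ-Bicep; the region and the deployment name format are assumptions, and the management group names and the assignment name `Iso27001` are taken from the issue.

```powershell
# Added example. $deploymentID and $primaryLocation hold constructed values.
$deploymentID    = "policy-iso27001-$(Get-Date -Format 'yyyyMMddHHmmss')"
$primaryLocation = 'uksouth'   # assumed region, replace with your own

# The module assigns the policy to one management group per call,
# so each target scope gets its own deployment.
$managementGroups = @('mg-Production', 'mg-Test', 'mg-PreProduction')

foreach ($mg in $managementGroups) {
    # Suffix the name so each deployment is distinguishable in the history.
    az deployment mg create `
        --name "${deploymentID}-${mg}" `
        --location $primaryLocation `
        --management-group-id $mg `
        --template-file ./policyAssignmentManagementGroup.bicep `
        --parameters ./policyAssignmentManagementGroup.bicepparam `
        --confirm-with-what-if `
        --output none

    if ($LASTEXITCODE -ne 0) {
        Write-Error "Deployment to $mg failed (exit code $LASTEXITCODE)"
        break
    }

    # Check that the assignment now exists at this management group scope.
    $scope = "/providers/Microsoft.Management/managementGroups/$mg"
    $found = az policy assignment list `
        --scope $scope `
        --query "[?name=='Iso27001'].name" `
        --output tsv

    if (-not $found) {
        Write-Warning "Policy assignment 'Iso27001' not found at $mg"
    }
}
```

Because the same parameter file is reused for every scope, `parPolicyAssignmentIdentityRoleAssignmentsAdditionalMgs` is passed on each call; review whether each assignment's managed identity still needs role assignments at the other management groups.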
What happened? Provide a clear and concise description of the bug, including deployment details.
I am using the ALZ modules and particularly this one - ALZ-Bicep/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep
When I run this and populate the parameter called parPolicyAssignmentIdentityRoleAssignmentsAdditionalMgs like so ['mg-Test', 'mg-PreProduction'] neither of these 2 are being populated only the one I reference like so:-
```powershell
az deployment mg create `
  --name $deploymentID `
  --location $primaryLocation `
  --management-group-id 'mg-Production' `
  --template-file ./policyAssignmentManagementGroup.bicep `
  --parameters ./policyAssignmentManagementGroup.bicepparam `
  --confirm-with-what-if `
  --output none
```
so mg-Production is assigned a policy but neither of the 2 additional ones are (['mg-Test', 'mg-PreProduction'])
Please provide the correlation id associated with your error or bug.
n/a
What was the expected outcome?
I would expect all 3 Management Groups to have the Policy assigned
Relevant log output
No response