Closed msundman78 closed 2 months ago
Hey @msundman78, I appreciate you bringing this up. However, as alzDefaultPolicyAssignments is our opinionated approach for handling policy for the ALZ architecture and is in alignment with the Enterprise-Scale repo in terms of the assignment scopes, I think we will these out for this particular module at this point in time.
Let us know the feedback or general question
I wanted to exclude a MgmtGroup using notScopes in the Deploy-ASC-Monitoring alzDefault Policy module by editing:
_infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_ascmonitoring.tmpl.json
However, the notScopes property is passed on to the modPolicyAssignmentIntRootDeployAscMonitoring module in alzDefaultPolicyAssignments.bicep, so I had to also add this line to get it working:
parPolicyAssignmentNotScopes: varPolicyAssignmentDeployASCMonitoring.libDefinition.properties.notScopes
Shouldn't this parameter always be passed along to all Policy Assignment modules used by alzDefaults so we only have to edit the parameter files for the policy?
Code of Conduct