Azure / ALZ-Bicep

This repository contains the Azure Landing Zones (ALZ) Bicep modules that help deliver and deploy the Azure Landing Zone conceptual architecture in a modular approach. https://aka.ms/alz/docs

MIT License

728 stars 485 forks source link

Enhancement: Policy Refresh H2 FY24 and Changes for AMA #785

Closed cae-pr-creator[bot] closed 2 weeks ago

cae-pr-creator[bot] commented 1 month ago

Overview/Summary

This will be in our next major release and includes the policy refresh for H2 2024 and the necessary changes to move away from Microsoft Monitoring Agent to Azure Monitoring Agent.

Linked Work Items:

AB#34921 AB#22581

This PR fixes/adds/changes/removes

Policy Refresh for H2 FY24
AMA Changes/Updates
Update Policy Assignments resource provider api version to 2024-04-01

Breaking Changes

None

Testing Evidence

Validated deployment over the top of current release.

As part of this Pull Request I have

[x] Read the Contribution Guide and ensured this PR is compliant with the guide
[x] Ensured the resource API versions in .bicep file/s I am adding/editing are using the latest API version possible
[x] Checked for duplicate Pull Requests
[x] Associated it with relevant GitHub Issues
[x] (ALZ Bicep Core Team Only) Associated it with relevant ADO Items
[x] Ensured my code/branch is up-to-date with the latest changes in the main branch
[x] Performed testing and provided evidence.
[x] Updated one or more of the following tests (if required)
[x] Updated relevant and associated documentation (e.g. Contribution Guide, Module READMEs, Wiki Docs etc.)
[x] If relevant, created or updated Code Tours here

oZakari commented 2 weeks ago

/azp run validateazcloud

azure-pipelines[bot] commented 2 weeks ago

Azure Pipelines successfully started running 1 pipeline(s).

oZakari commented 2 weeks ago

/azp run validateazcloud

azure-pipelines[bot] commented 2 weeks ago

Azure Pipelines successfully started running 1 pipeline(s).

oZakari commented 2 weeks ago

@jaredfholgate Good to review and thanks again!

oZakari commented 2 weeks ago

@oZakari This is amazing work, must have taken some serious effort!

I added a few comments and these more general questions:

Are we missing a policy assignment for blocking deletion of the UAMI? https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/blob/main/modules/archetypes/lib/policy_assignments/policy_assignment_es_denyaction_deleteuamiama.tmpl.json

I'm also looking at the other new policy assignments we synced to Terraform and not seeing them all here. You can look at this diff to see them: Azure/terraform-azurerm-caf-enterprise-scale@5.2.1-fixes...main

Thanks, I was missing the Delete-UAMI one.

oZakari commented 2 weeks ago

/azp run validateazcloud

azure-pipelines[bot] commented 2 weeks ago

Azure Pipelines successfully started running 1 pipeline(s).

jtracey93 commented 2 weeks ago

/azp run validateazcloud

azure-pipelines[bot] commented 2 weeks ago

Azure Pipelines successfully started running 1 pipeline(s).