This reference implementation is based on Cloud Adoption Framework for Azure and provides an opinionated implementation that enables ITSG-33 regulatory compliance by using NIST SP 800-53 Rev. 4 and Canada Federal PBMM Regulatory Compliance Policy Sets.
MIT License
EventGrid/EventSubscription not supported for Diagnostics Settings to Log Analytics #386
Describe the bug
After deploying the policy from ALZ 1.2, compliance could not be achieved on the Audit diagnostic setting for selected resource types. (CBS eventgrid/eventsubscription from the CCCS tool)
Expected behavior
Expect that after remediation, resource types included in the above policy audit would be marked as compliant.
Screenshots
![image](https://github.com/Azure/CanadaPubSecALZ/assets/95640026/2d57b346-a11d-49c5-8ec7-bff5b6226c1c)
The definition (https://github.com/Azure/CanadaPubSecALZ/blob/main/policy/custom/definitions/policyset/LogAnalytics.bicep) for Log Analytics includes 'Microsoft.EventGrid/eventSubscriptions' in the default values, which targets it in the audit for diagnostics settings, but this resource type does not support Diagnostics Settings as per the Microsoft documentation: https://learn.microsoft.com/en-us/azure/event-grid/enable-diagnostic-logs-topic