Azure / Enterprise-Scale

The Azure Landing Zones (Enterprise-Scale) architecture provides prescriptive guidance coupled with Azure best practices, and it follows design principles across the critical design areas for organizations to define their Azure architecture
https://aka.ms/alz
MIT License

Bug Report - Invalid Deployment Locations for China DINE Policies #1145

Open jim-mclean opened 2 years ago

jim-mclean commented 2 years ago

A few DeployIfNotExists policies have invalid deployment locations for use in AzureChinaCloud, and any resulting deployments fail due to an invalid location.

These are the ones that I caught, but there may be more:

~ Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts [2021-06-01] ~ properties.policyRule.then.details.deployment.location: "chinanorth3" => "northeurope"

~ Microsoft.Authorization/policyDefinitions/Deploy-DDoSProtection [2021-06-01] ~ properties.policyRule.then.details.deployment.location: "chinanorth3" => "northeurope"

~ Microsoft.Authorization/policyDefinitions/Deploy-FirewallPolicy [2021-06-01] ~ properties.policyRule.then.details.deployment.location: "chinanorth3" => "northeurope"

~ Microsoft.Authorization/policyDefinitions/Deploy-Nsg-FlowLogs-to-LA [2021-06-01] ~ properties.policyRule.then.details.deployment.location: "chinanorth3" => "northeurope"

~ Microsoft.Authorization/policyDefinitions/Deploy-VNET-HubSpoke [2021-06-01] ~ properties.policyRule.then.details.deployment.location: "chinanorth3" => "northeurope"

Expected behaviour

DINE China policies to only include locations that exist in AzureChinaCloud

jtracey93 commented 1 year ago

Thanks for raising @jim-mclean

Moving this to the upstream repo as this is the ALZ policy source of truth and this will need to be fixed across all implementations
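
A pre-deployment check for the problem reported in this issue, as an added example that is not part of the original thread or the ALZ repository: it reads `properties.policyRule.then.details.deployment.location` from each policy definition and reports values that are not regions of the target cloud. The region set, the sample definitions and the function names are assumptions made for the example.

```python
import json

# Assumed region list for AzureChinaCloud (not taken from the issue); refresh
# it from `az account list-locations` while logged in to that cloud.
CHINA_REGIONS = {"chinanorth", "chinanorth2", "chinanorth3",
                 "chinaeast", "chinaeast2"}

def deployment_location(definition):
    """Return properties.policyRule.then.details.deployment.location, or None."""
    node = definition.get("properties", {})
    for key in ("policyRule", "then", "details", "deployment"):
        node = node.get(key) if isinstance(node, dict) else None
        if node is None:
            return None
    return node.get("location") if isinstance(node, dict) else None

def invalid_locations(definitions, allowed=CHINA_REGIONS):
    """List (name, location) for policies pinned to a region outside `allowed`."""
    findings = []
    for d in definitions:
        loc = deployment_location(d)
        if not isinstance(loc, str):
            continue  # policy has no deployment block with a location
        if loc.startswith("["):
            continue  # template expression, resolved at deployment time
        if loc.lower() not in allowed:
            findings.append((d.get("name", "<unnamed>"), loc))
    return findings

# Constructed sample definitions, trimmed to the fields the check reads.
SAMPLE = json.loads("""[
 {"name": "Deploy-DDoSProtection", "properties": {"policyRule": {"then": {
   "effect": "deployIfNotExists",
   "details": {"deployment": {"location": "northeurope"}}}}}},
 {"name": "Deploy-FirewallPolicy", "properties": {"policyRule": {"then": {
   "effect": "deployIfNotExists",
   "details": {"deployment": {"location": "chinanorth3"}}}}}},
 {"name": "Example-Parameterised", "properties": {"policyRule": {"then": {
   "effect": "deployIfNotExists",
   "details": {"deployment": {"location": "[parameters('location')]"}}}}}},
 {"name": "Example-Audit-Only", "properties": {"policyRule": {"then": {
   "effect": "audit"}}}}
]""")

if __name__ == "__main__":
    for name, loc in invalid_locations(SAMPLE):
        print(f"{name}: deployment.location '{loc}' is not in the allowed set")
```

Run it against the policy definition files for each target cloud before assignment, so a DINE policy whose remediation deployment would fail is caught in review rather than left unremediated.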