Azure / Enterprise-Scale

The Azure Landing Zones (Enterprise-Scale) architecture provides prescriptive guidance coupled with Azure best practices, and it follows design principles across the critical design areas for organizations to define their Azure architecture
https://aka.ms/alz
MIT License

Feature Request - Implementation checklist #1527

Open vegazbabz opened 8 months ago

vegazbabz commented 8 months ago

I would like an implementation checklist in Excel to go through all potential steps from A-Z when implementing ALZ/ESLZ.

This should include policy deployments, such as "have you deployed this definition?" + "have you assigned this definition?". Could include on what scope, did you amend the custom policy initiatives, etc., so this checklist actually can turn into documentation afterwards. The reason I would like to include the scope and changes to the proposed ALZ initiative is because the initiative is lacking a serious amount of resource types (yes, that could be another feature request ;-) ), such as "Azure SQL Managed Instances should disable public network access" in "Public network access should be disabled for PaaS services".

There could also be a "review PS script" that you can run once you believe you are done with the implementation that will verify the configurations and give you missing tasks or gaps.

The existing review checklists (Azure/review-checklists) are very nice; however, they are not focusing on the detailed level of the deployment of e.g. policies.

Springstone commented 8 months ago

Hello @vegazbabz. I'm not following the request as what you're asking for is the purpose of the ALZ reference implementations (whether through portal, Bicep or Terraform). If you're specifically looking for information about policy, what you're asking for is documented here: https://github.com/Azure/Enterprise-Scale/wiki/ALZ-Policies with an Excel version with the information you describe here: https://github.com/Azure/Enterprise-Scale/wiki/media/ALZ%20Policy%20Assignments%20v2.xlsx.

If you are trying to manually deploy an environment to align with ALZ, I'd refer you to the Cloud Adoption Framework documentation; our objective is not to validate custom implementations' alignment to ALZ. To deploy an ALZ-aligned Azure estate, I'd highly recommend you use one of the available reference implementations to ensure it is fully configured and aligned.

Where some services are not currently covered by a service, please raise a GitHub Issue for that specifically, so we can add to our backlog and remediate as part of our regular release cycles (this can happen as new policies are continually being released and weren't available on last review or when authoring).