Azure / Enterprise-Scale

The Azure Landing Zones (Enterprise-Scale) architecture provides prescriptive guidance coupled with Azure best practices, and it follows design principles across the critical design areas for organizations to define their Azure architecture
https://aka.ms/alz
MIT License
1.72k stars 978 forks

Bug Report: Missing some of the required policy files from the repo #1555

Closed TheAshishRepo closed 9 months ago

TheAshishRepo commented 9 months ago

I have a requirement to implement infra-as-code using ARM templates, so I took the route of doing it manually, following the steps from "https://github.com/Azure/Enterprise-Scale/tree/main/eslzArm". After creating all the required prerequisites, I tried running the PowerShell command through a Jenkins CICD pipeline and found the issues below in the scripts and code. I wanted to request the community to take a look and let me know if there is something I am missing here or if someone has faced a similar issue in the past. Immediate help is appreciated; please feel free to ask any follow-up questions you might have about how I have designed my CICD pipeline, happy to share if needed.

Describe the bug

Bug 1: Missing policy files from the repo which are referenced within the PowerShell script.

  1. DENY-PublicEndpointsPolicySetDefinition.json
  2. DINE-PrivateDNSZonesPolicySetDefinition.json
  3. DENY-RDPFromInternetPolicyAssignment.json

Bug 2: Variable assignment typo error on lines 113, 123, 134.

Typo:

-logAnalyticsResourceId "/subscriptions/$($ManagementSubscriptionId)/resourceGroups/$($eslzPrefix)-mgmt/providers/Microsoft.OperationalInsights/workspaces/$($eslzPrefix)-law" `

Corrected:

-logAnalyticsResourceId "/subscriptions/$($ManagementSubscriptionId)/resourceGroups/$($ESLZPrefix)-mgmt/providers/Microsoft.OperationalInsights/workspaces/$($ESLZPrefix)-law"

Bug 3: Mandatory reference argument missing on the Sql-auditing block.

-logAnalyticsResourceId "/subscriptions/$($ManagementSubscriptionId)/resourceGroups/$($ESLZPrefix)-mgmt/providers/Microsoft.OperationalInsights/workspaces/$($ESLZPrefix)-law" -ManagementGroupId "$($ESLZPrefix)-landingzones"

Thanks Ashish Anand webashu@gmail.com +91-9611703056
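
A pipeline stage can catch the situation in Bug 1 before any deployment starts, so that deny policies such as the ones named above are not silently left unassigned. This is an added example, not code from this issue or from the Enterprise-Scale repo; the function name, its parameters and the constructed sample files are hypothetical, and it assumes the deployment script names its templates as literal `.json` paths.

```powershell
# Added example: pre-flight check that every template a script references exists.
# Hypothetical helper; assumes templates appear in the script as literal *.json paths.
function Test-ReferencedTemplates {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ScriptPath,  # deployment script to scan
        [Parameter(Mandatory)] [string] $RepoRoot     # local checkout to search
    )
    # Case-sensitive set of file names, so a name that differs only by case is
    # reported even when the check itself runs on a case-insensitive file system.
    $present = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::Ordinal)
    Get-ChildItem -Path $RepoRoot -Recurse -File -Filter '*.json' |
        ForEach-Object { [void]$present.Add($_.Name) }

    $lineNo = 0
    foreach ($line in Get-Content -Path $ScriptPath) {
        $lineNo++
        foreach ($m in [regex]::Matches($line, '[^\s"'']+\.json\b')) {
            $leaf = ($m.Value -split '[\\/]')[-1]      # file name after the last / or \
            if ($leaf.Contains('$')) { continue }      # name built from a variable: not checkable statically
            if (-not $present.Contains($leaf)) {
                [pscustomobject]@{ Line = $lineNo; Template = $leaf }
            }
        }
    }
}

# Constructed demo input: a temporary checkout with one template present and one absent.
$root = Join-Path ([System.IO.Path]::GetTempPath()) ([guid]::NewGuid().ToString())
New-Item -ItemType Directory -Path (Join-Path $root 'policyAssignments') | Out-Null
Set-Content -Path (Join-Path $root 'policyAssignments/Present-PolicyAssignment.json') -Value '{}'
$script = Join-Path $root 'deploy.ps1'
Set-Content -Path $script -Value @(
    '-TemplateFile "./policyAssignments/Present-PolicyAssignment.json" `',
    '-TemplateFile "./policyAssignments/Absent-PolicyAssignment.json" `'
)

$missing = @(Test-ReferencedTemplates -ScriptPath $script -RepoRoot $root)
$missing | Format-Table -AutoSize
if ($missing.Count -gt 0) {
    # In a real pipeline stage, use 'throw' here so the build stops before deploying.
    Write-Warning "$($missing.Count) referenced template(s) not found under $root"
}
Remove-Item -Path $root -Recurse -Force
```
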

jtracey93 commented 9 months ago

Hey @TheAshishRepo, I'd highly suggest using the ALZ Bicep repo instead over at https://aka.ms/alz/bicep as this repo is primarily for the portal experience.

TheAshishRepo commented 9 months ago

Hello @jtracey93 (Jack), appreciate your time to revert on the above ask. As suggested, I can give Bicep a try, but right now I have a business requirement to use ARM templates. Will there be any possibility to add those missing files (DENY-PublicEndpointsPolicySetDefinition.json, DINE-PrivateDNSZonesPolicySetDefinition.json, DENY-RDPFromInternetPolicyAssignment.json), as the rest of the issues have been modified in my version of the code? If we can just check in these 3 files I should be good to complete the deployment using ARM templates.

Thanks for your help in advance. (Ashish) @TheAshishRepo

jtracey93 commented 9 months ago

Hey @TheAshishRepo these will all exist in this folder: https://github.com/Azure/Enterprise-Scale/tree/main/eslzArm/managementGroupTemplates/policyAssignments

Please note many of the policies will have been updated in terms of names, definitions and what is ultimately assigned. Please review the What's New page for the info on all of these in our policy refreshes that we do each quarter.

Also check out the latest assignments, including a spreadsheet, for the latest ALZ policy assignments at https://aka.ms/alz/policies

Thanks

Jack

microsoft-github-policy-service[bot] commented 9 months ago

This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 5 days.