The Azure Landing Zones (Enterprise-Scale) architecture provides prescriptive guidance coupled with Azure best practices, and it follows design principles across the critical design areas for organizations to define their Azure architecture
If using RSV for Azure Backup in multiple regions, there is no check to ensure that the DNS records are created in the correct Private DNS zone. If two or more policies are assigned using the same SubResource/GroupId, then DNS records will be created randomly in the different private DNS zones, e.g. in privatelink.we.backup.windowsazure.com and in privatelink.sdc.backup.windowsazure.com.
We should update the Policy Definition Deploy-Private-DNS-Generic to expose location as a parameter that customers can use to help control this scenario.
As requested in https://github.com/MicrosoftDocs/cloud-adoption-framework/issues/1103 (no longer accessible due to issues in the repo being disabled)
"If an additional check is added on location for the private endpoint itself in the policy, then it works. See example here:
https://github.com/norregaard/Azure/blob/main/Policy/Auto-create-DNS-record-private-DNS-zone.json
now https://github.com/norregaard/Azure/blob/main/Policy/Auto-create-DNS-record-private-DNS-zone-w-location.json"

cc: @Springstone