Azure / Enterprise-Scale

The Azure Landing Zones (Enterprise-Scale) architecture provides prescriptive guidance coupled with Azure best practices, and it follows design principles across the critical design areas for organizations to define their Azure architecture.
https://aka.ms/alz
MIT License

Feature Request - Deploy-Private-DNS-Zones is missing policy for App Service Slots #1786

Open MikaelJcSoderberg opened 1 month ago

MikaelJcSoderberg commented 1 month ago

Describe the solution you'd like

I can't find a policy for you to include as part of Deploy-Private-DNS-Zones that would add the feature, so either the product team will need to add it or Enterprise Scale would have a Custom Policy that does the same. Is there a similar issue with Function App slots?

Springstone commented 1 month ago

@MikaelJcSoderberg we have included a generic Private DNS Zone policy that allows you to configure Private DNS Zones for those services that don't yet have a built-in policy for the same. Have you looked at implementing this?

https://github.com/Azure/Enterprise-Scale/blob/main/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-Private-DNS-Generic.json

MikaelJcSoderberg commented 1 month ago

The generic would work if the group ID is static, but for app service slots it is a dynamic value starting with "sites-*".

When I wrote my custom policy that works for me, I had to use like instead of equals.

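The match condition discussed in the comment above, as an added illustration: this is not the commenter's policy (it is not reproduced on this page) and not the project's own code. Only the `if` block of a policy rule is shown, since the thread concerns the match condition; the `contains` value `Microsoft.Web/sites` is an assumption about the target resource type.

```jsonc
{
  // Added illustration, not taken from the Enterprise-Scale repository.
  "if": {
    "allOf": [
      { "field": "type", "equals": "Microsoft.Network/privateEndpoints" },
      {
        "count": {
          "field": "Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*]",
          "where": {
            "allOf": [
              {
                // Assumption: the private endpoint targets an App Service resource.
                "field": "Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].privateLinkServiceId",
                "contains": "Microsoft.Web/sites"
              },
              {
                // An "equals" condition needs one static group ID.
                // Per the thread, slot group IDs start with "sites-",
                // so "like" with a single trailing wildcard is used instead.
                "field": "Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]",
                "like": "sites-*"
              }
            ]
          }
        },
        "greaterOrEquals": 1
      }
    ]
  }
}
```

The pattern `sites-*` does not match the plain group ID `sites`, so this condition covers slots only. Azure Policy accepts at most one `*` wildcard in a `like` value.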