Azure / Enterprise-Scale

The Azure Landing Zones (Enterprise-Scale) architecture provides prescriptive guidance coupled with Azure best practices, and it follows design principles across the critical design areas for organizations to define their Azure architecture.
https://aka.ms/alz
MIT License

Deploy NSG Flow Logs policy - error #471

Status: Closed (Vallentyne closed 3 years ago)

Vallentyne commented 3 years ago

The policy def for NSG flow logs doesn't seem to assess the existence condition right, and doesn't deploy NSG flow logs.

Steps to reproduce

When I check the activity logs, the remediation job shows the following error:

"errorMessage": "The 'ifNotExists' target resource type 'Microsoft.Network/networkWatchers/flowLogs' and name '' are not valid in policy assignment '/providers/Microsoft.Management/managementGroups/CV3/providers/Microsoft.Authorization/policyAssignments/3eb8a63530e147aebf163f1e' and definition '/providers/Microsoft.Management/managementGroups/CV3/providers/Microsoft.Authorization/policyDefinitions/Deploy-Nsg-FlowLogs' when evaluating a resource of type 'microsoft.network/networksecuritygroups'.",

krnese commented 3 years ago

Thanks! When did you deploy the reference implementation? We had an issue with the NSG policy earlier, but it was fixed a few weeks back.

Vallentyne commented 3 years ago

hm, might be older than that. ok. will redeploy and have a look. thanks, will update here when I know.