[Question/Feedback]: Create deployable Policy Initiatives from Azure Resources templates for Landing Zones

Azure / azure-monitor-baseline-alerts

Azure Monitor Baseline Alerts

MIT License

123 stars 181 forks source link

[Question/Feedback]: Create deployable Policy Initiatives from Azure Resources templates for Landing Zones #214

Open nekdima opened 1 month ago

nekdima commented 1 month ago

Check for previous/existing GitHub issues

[X] I have checked for previous/existing GitHub issues

Description

Hello Team,

The AMBA website currently offers a variety of templates for Azure Alerts creation as ARM and BICEP templates. However, these are challenging to implement on a large scale. It would be beneficial to create an Azure Policy Initiative for "Landing Zones"(there is already one for "Platform") to ensure that Azure Alerts are automatically deployed when a policy identifies the presence of a resource within its scope.

Tagging for visibility: @arjenhuitema

Brunoga-MS commented 1 month ago

Hello @nekdima , thanks for your feedback. We already ave a policy for LandingZone as documented in the Policy Initiatives page. More in particular there's a list included policy in the Landing Zone initiative paragraph.

Let us know if this helps.

Thanks, Bruno.

nekdima commented 1 month ago

Hey @Brunoga-MS ,

Thank you for the prompt reply. I'm aware of this initiative, however it's covering just a few resources like VM, AGW, PIP & KeyVault. What about all the other resources one can have? There are many Azure Alerts (including auto generated ones) which are listed in the spreadsheet but aren't part of the initiative and exist only in the form of ARM/BICEP template.

My customer had the expectation that all of these will be a part of the LZ Initiative.

Brunoga-MS commented 1 month ago

Hey @nekdima , We started by including alerts which are used the most. Can you provide a list of prioritized alerts your customer would like to have included so we can go ahead and investigate?

Thanks, Bruno.

nekdima commented 1 month ago

Hey @Brunoga-MS,

You might consider concentrating on the items listed under "Azure Resources" on the AMBA website. Although they are all currently listed, there is no scalable method to deploy them as a policy.

paulgrimley commented 1 month ago

@nekdima thanks for your feedback on this, I'm tagging @JoeyBarnes who owns AMBA all up to provide a response. @Brunoga-MS, @arjenhuitema and myself manage the ALZ Pattern which includes Policies.