Open AErmie opened 1 month ago
Makes sense. I'm not familiar with these options, but we can probably look at this in December. If you're familiar with Bicep and would like to see this sooner, we'd welcome a PR to add this. Or if you know the settings that need to be applied, you could share them here, which might speed things up. Just let us know.
Either way, thanks for the feedback!
@allcontributors please add AErmie for feature
@flanakin
I couldn't determine any contributions to add, did you specify any contributions? Please make sure to use valid contribution names.
@flanakin, I believe the REST API properties are:
enableRbacAuthorization
enableSoftDelete
enablePurgeProtection
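The three properties named in the comment above, set on a Bicep Key Vault resource together with the role assignment that takes the place of an access policy. This is an added example, not the FinOps toolkit's own template; the parameter names, API versions, retention period and the choice of the built-in Key Vault Secrets User role are assumptions.

```bicep
// Added example: names are hypothetical, not taken from the FinOps toolkit.
param location string = resourceGroup().location
param vaultName string           // hypothetical parameter
param readerPrincipalId string   // object ID of the identity that reads secrets (assumed)

// Built-in role "Key Vault Secrets User" (read secret contents only)
var secretsUserRoleId = '4633458b-17de-408a-b874-0445c86b69e6'

resource vault 'Microsoft.KeyVault/vaults@2023-07-01' = {
  name: vaultName
  location: location
  properties: {
    tenantId: subscription().tenantId
    sku: {
      family: 'A'
      name: 'standard'
    }
    // RBAC permission model: data-plane access comes from Azure role
    // assignments, so the access policy list stays empty.
    enableRbacAuthorization: true
    accessPolicies: []
    // Deleted vaults and secrets stay recoverable for the retention period.
    enableSoftDelete: true
    softDeleteRetentionInDays: 90
    // Blocks purging of soft-deleted items until retention expires.
    enablePurgeProtection: true
  }
}

// With RBAC enabled, the reading identity needs an explicit role assignment
// scoped to the vault instead of an access policy entry.
resource secretsReader 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  scope: vault
  name: guid(vault.id, readerPrincipalId, secretsUserRoleId)
  properties: {
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', secretsUserRoleId)
    principalId: readerPrincipalId
    principalType: 'ServicePrincipal'
  }
}
```

Purge protection cannot be switched off once it is enabled, and a deleted vault's name stays reserved until the retention period ends, so test deployments that reuse a vault name need to account for that.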
⚠️ Problem
For organizations that utilize the Enterprise Scale in association with the Cloud Adoption Framework (CAF), there are various Azure Policies and Initiatives that are deployed.
One of those Initiatives is the Enforce recommended guardrails for Azure Key Vault. This initiative contains several policies, including:
The current deployment of the FinOps Toolkit (Hub architecture) violates those 2 policies and prevents its deployment. We have to add/create an exception in the target Subscription / Resource Group for the deployment to complete successfully.
🛠️ Solution
Update the FinOps Toolkit's Key Vault implementation to support the RBAC permissions model, and also enable delete protection.
ℹ️ Additional context
The client I am currently assisting is in a regulated industry and uses the CAF / Enterprise Scale Terraform modules.
🙋♀️ Ask for the community
We could use your help: