ssc-spc-ccoe-cei / azure-guardrails-solution-accelerator

This implementation automates reporting to verify compliance with GC Cloud Guardrails. SSC and TBS review the results.

GR5: Allowed Location Check + Policy Compliance Status Information #181

Open MathesonSho opened 2 months ago

MathesonSho commented 2 months ago

Current check determines if the policy/initiative has been applied across the tenant, that the parameters are correct and that there are no exemptions. Request is to add policy logic that also incorporates policy/initiative resource compliance into the CaC's control status of compliant or non-compliant.

For example, if a subscription has the allowed location policy applied after a resource has already been created in Europe, the resource remains in Europe and the policy dashboard will show that non-compliant resource. The solution's check should then return: "Non-compliant. The policy has been applied, however 1 resource is non-compliant."

Logic Change applied to GR6 as a reference. Include the same comment logic to explain issues to the client. https://github.com/ssc-spc-ccoe-cei/azure-guardrails-solution-accelerator/pull/139
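The requested decision logic, sketched as an added example (not code from the accelerator or from PR #139). The `Assignment` type, the `APPROVED` location set, every comment string other than the one quoted in the issue, and the sample records are assumptions; `resourceId` and `complianceState` are the field names Azure Policy state records use.

```python
from dataclasses import dataclass

@dataclass
class Assignment:
    # Hypothetical stand-in for what the existing check already collects.
    applied: bool
    allowed_locations: tuple
    exemptions: int = 0

APPROVED = {"canadacentral", "canadaeast"}  # assumed approved locations

RG = "/subscriptions/0000/resourceGroups/rg1/providers/"
# Constructed sample shaped like Azure Policy state records. An initiative
# yields one record per policy definition, so one resource can appear twice.
SAMPLE_STATES = [
    {"resourceId": RG + "Microsoft.Compute/virtualMachines/vm-eu",
     "complianceState": "NonCompliant"},
    {"resourceId": RG + "microsoft.compute/virtualmachines/VM-EU",
     "complianceState": "NonCompliant"},
    {"resourceId": RG + "Microsoft.Storage/storageAccounts/stca",
     "complianceState": "Compliant"},
]

def evaluate_gr5(assignment, states, approved=APPROVED):
    """Return (is_compliant, comment) for one scope."""
    # Existing checks: assignment present, parameters correct, no exemptions.
    if not assignment.applied:
        return False, "Non-compliant. The policy has not been applied."
    extra = sorted({loc.lower() for loc in assignment.allowed_locations} - approved)
    if extra:
        return False, ("Non-compliant. The policy allows unapproved "
                       "locations: " + ", ".join(extra) + ".")
    if assignment.exemptions:
        return False, (f"Non-compliant. {assignment.exemptions} exemption(s) "
                       "exist for the policy.")
    # Requested addition: fold resource compliance into the control status.
    # Count distinct resources, not records; resource IDs are case-insensitive.
    bad = {s["resourceId"].lower() for s in states
           if s["complianceState"].lower() == "noncompliant"}
    if bad:
        noun = "resource is" if len(bad) == 1 else "resources are"
        return False, ("Non-compliant. The policy has been applied, "
                       f"however {len(bad)} {noun} non-compliant.")
    return True, "Compliant. The policy is applied and all resources comply."

if __name__ == "__main__":
    print(evaluate_gr5(Assignment(True, ("canadacentral",)), SAMPLE_STATES))
```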

MathesonSho commented 2 weeks ago

@dutt0 Can this be completed sooner? Iteration #1 focused on adding the ability to use an initiative; however, the improvements still need to be updated to sync with GR6's progress. The current format is hard to test/understand as it still includes management groups and it has duplication of MGs: one compliant and one non-compliant. It would be beneficial to update.