diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 81bae9acd..a4d89087a 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,7 +1,9 @@ version: 2 - updates: - package-ecosystem: "github-actions" directory: "/" schedule: - interval: "daily" + interval: "weekly" + labels: + - "Type: Hygiene :broom:" + - "Needs: Attention :wave:" diff --git a/.github/workflows/update-policy-china.yml b/.github/workflows/update-policy-china.yml index 509b860ee..f9a7cc30c 100644 --- a/.github/workflows/update-policy-china.yml +++ b/.github/workflows/update-policy-china.yml @@ -10,7 +10,7 @@ env: remote_repository: "Azure/Enterprise-Scale" branch_name: "patch-policy-library-china" az_accounts_minimum_version: "2.2.3" - pr_title: "Update Policy Library for Azure China (automated)" + pr_title: "feat: Update Policy Library for Azure China (automated)" pr_body: "This is an automated 'pull_request' containing updates to the library templates stored in '/infra-as-code/bicep/modules/policy/definitions/lib/china' & '/infra-as-code/bicep/modules/policy/assignments/lib'.\nPlease review the 'files changed' tab to review changes." jobs: diff --git a/.github/workflows/update-policy.yml b/.github/workflows/update-policy.yml index 80b4ee779..369a44085 100644 --- a/.github/workflows/update-policy.yml +++ b/.github/workflows/update-policy.yml @@ -10,7 +10,7 @@ env: remote_repository: "Azure/Enterprise-Scale" branch_name: "patch-policy-library" az_accounts_minimum_version: "2.2.3" - pr_title: "Update Policy Library (automated)" + pr_title: "feat: Update Policy Library (automated)" pr_body: "This is an automated 'pull_request' containing updates to the library templates stored in '/infra-as-code/bicep/modules/policy/definitions/lib' & '/infra-as-code/bicep/modules/policy/assignments/lib'.\nPlease review the 'files changed' tab to review changes." jobs: diff --git a/README.md b/README.md index 4f145153d..b709a7b3a 100644 --- a/README.md +++ b/README.md 
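Review bot: Moving the github-actions `interval` from "daily" to "weekly" lengthens the time a workflow can keep running an outdated action release, and nothing in the hunk records why that trade-off is acceptable. This schedule governs Dependabot version updates only, so confirm that Dependabot security updates are enabled in the repository settings, which the diff cannot show. A comment above the key would capture the intent, e.g. `# weekly to reduce PR noise; security updates are raised independently of this schedule`. As far as I know Dependabot skips labels that do not already exist in the repository, so check that both new `labels` names match existing labels exactly, emoji shortcodes included.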
@@ -20,6 +20,7 @@ Detailed information about how to use, deploy and extend artifacts found in this - [Consumer Guide][wiki_consumer_guide] - [Accelerator][wiki_accelerator] - [Azure Montior Baseline Alerts][wiki_amba] + - [Known Issues][wiki_known_issues] - [Frequently Asked Questions][wiki_faq] - [How Does ALZ-Bicep Implement Azure Policies?][wiki_policy_deep_dive] - [Adding Custom Azure Policy Definitions][wiki_policy_defs] @@ -117,6 +118,7 @@ For support on the artifacts contained in this repository, please refer to [this [wiki_contributing]: https://github.com/Azure/ALZ-Bicep/wiki/Contributing "Wiki - Contributing" [wiki_accelerator]: "Wiki - Accelerator" [wiki_amba]: "Wiki - AMBA" +[wiki_known_issues]: "Wiki - Known Issues" [wiki_faq]: "Wiki - FAQs" [wiki_cuaid]: "Wiki - Telemetry Usage ID" [wiki_acrdeploy]: "Wiki - Private Bicep Registry" diff --git a/accelerator/.config/ALZ-Powershell-Auto.config.json b/accelerator/.config/ALZ-Powershell-Auto.config.json index ff26e7d78..c0671faae 100644 --- a/accelerator/.config/ALZ-Powershell-Auto.config.json +++ b/accelerator/.config/ALZ-Powershell-Auto.config.json @@ -243,8 +243,8 @@ "inputs": { "ReleaseVersion": { "source": "powershell", - "type": "string", - "Targets": [ + "sourceInput": "release_version", + "targets": [ { "Name": "RELEASE_VERSION", "Destination": "Environment" @@ -253,9 +253,8 @@ }, "Prefix": { "source": "input", - "type": "string", "description": "The prefix that will be added to all resources created by this deployment. (e.g. 'alz')", - "Targets": [ + "targets": [ { "Name": "parTopLevelManagementGroupPrefix.value", "Destination": "Parameters" @@ -285,10 +284,10 @@ "validation": "azure_name" }, "Location": { - "source": "input", - "type": "string", + "source": "powershell", + "sourceInput": "starter_locations[0]", "description": "Deployment location. (e.g. 'uksouth')", - "Targets": [ + "targets": [ { "Name": "parLocation.value", "Destination": "Parameters" 
@@ -309,15 +308,14 @@ "Name": "LOCATION", "Destination": "Environment" } - ], - "validation": "azure_location" + ] }, "SecondaryLocation":{ - "source": "input", - "type": "string", + "source": "powershell", + "sourceInput": "starter_locations[1]", "description": "Secondary deployment location. (e.g 'westeurope')", - "Value": "", - "Targets": [ + "default": "", + "targets": [ { "Name": "parSecondaryLocation.value", "Destination": "Parameters" @@ -330,14 +328,12 @@ "Name": "SECONDARYLOCATION", "Destination": "Environment" } - ], - "validation": "azure_location" + ] }, "Environment": { "source": "input", - "type": "string", "description": "The Type of environment that will be created. (e.g. 'live', 'canary')", - "Targets": [ + "targets": [ { "Name": "parEnvironment.value", "Destination": "Parameters" @@ -352,10 +348,9 @@ }, "networkType": { "source": "input", - "type": "string", "description": "The type of networking to deploy. (e.g. 'hubNetworking', 'vwanConnectivity')", "default": "hubNetworking", - "Targets": [ + "targets": [ { "Name": "NETWORK_TYPE", "Destination": "Environment" @@ -364,11 +359,10 @@ "validation": "network_type" }, "IdentitySubscriptionId": { - "source": "input", - "type": "string", + "source": "powershell", + "sourceInput": "subscription_id_identity", "description": "The identifier of the Identity Subscription. (e.g '00000000-0000-0000-0000-000000000000')", - "validation": "azure_subscription_id", - "Targets": [ + "targets": [ { "Name": "IDENTITY_SUBSCRIPTION_ID", "Destination": "Environment" @@ -376,11 +370,10 @@ ] }, "ConnectivitySubscriptionId": { - "source": "input", - "type": "string", + "source": "powershell", + "sourceInput": "subscription_id_connectivity", "description": "The identifier of the Connectivity Subscription. (e.g '00000000-0000-0000-0000-000000000000')", - "validation": "azure_subscription_id", - "Targets": [ + "targets": [ { "Name": "CONNECTIVITY_SUBSCRIPTION_ID", "Destination": "Environment" 
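Review bot: `"validation": "azure_location"` is removed from `Location` and `SecondaryLocation`, and `"validation": "azure_subscription_id"` from `IdentitySubscriptionId` and `ConnectivitySubscriptionId`, in the same hunks that move their `source` from `input` to `powershell`, so this file no longer constrains those values at all. They are substituted into the `calculated` patterns that build resource IDs (`/subscriptions/{%ConnectivitySubscriptionId%}/...`), into resource and private DNS zone names, and into `Environment` targets such as `LOCATION` and `CONNECTIVITY_SUBSCRIPTION_ID`. If whatever supplies `sourceInput` already validates them this is fine, but the diff does not show that. Otherwise keep the rule beside each `sourceInput`, e.g. `"validation": "azure_subscription_id"`, assuming the schema still accepts `validation` on a `powershell` source. The same removal recurs for `ManagementSubscriptionId` in the next hunk and for all five inputs in the second `inputs` block (hunks `@@ -1038,14 +1005,14 @@` through `@@ -1112,11 +1074,10 @@`).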
@@ -388,11 +381,10 @@ ] }, "ManagementSubscriptionId": { - "source": "input", - "type": "string", + "source": "powershell", + "sourceInput": "subscription_id_management", "description": "The identifier of the Management Subscription. (e.g 00000000-0000-0000-0000-000000000000)", - "validation": "azure_subscription_id", - "Targets": [ + "targets": [ { "Name": "MANAGEMENT_SUBSCRIPTION_ID", "Destination": "Environment" @@ -401,10 +393,9 @@ }, "SecurityContact": { "source": "input", - "type": "string", "description": "The email address of the contact for security issues. (e.g. security@contactme.com)", "validation": "email", - "Targets": [ + "targets": [ { "Name": "parMsDefenderForCloudEmailSecurityContact.value", "Destination": "Parameters" @@ -412,11 +403,10 @@ ] }, "LogAnalyticsWorkspaceLocation": { - "source": "powershell", - "type": "string", - "Value": "{%Location%}", - "Process": "($args[0] -eq \"eastus\") ? \"eastus2\" : ($args[0] -eq \"eastus2\") ? \"eastus\" : $args[0]", - "Targets": [ + "source": "calculated", + "pattern": "{%Location%}", + "process": "($args[0] -eq \"eastus\") ? \"eastus2\" : ($args[0] -eq \"eastus2\") ? \"eastus\" : $args[0]", + "targets": [ { "Name": "parLogAnalyticsWorkspaceLocation.value", "Destination": "Parameters" @@ -428,10 +418,9 @@ ] }, "LogAnalyticsResourceId": { - "source": "powershell", - "type": "string", - "Value": "/subscriptions/{%ManagementSubscriptionId%}/resourcegroups/rg-{%Prefix%}-logging/providers/microsoft.operationalinsights/workspaces/alz-log-analytics", - "Targets": [ + "source": "calculated", + "pattern": "/subscriptions/{%ManagementSubscriptionId%}/resourcegroups/rg-{%Prefix%}-logging/providers/microsoft.operationalinsights/workspaces/alz-log-analytics", + "targets": [ { "Name": "parLogAnalyticsWorkspaceResourceId.value", "Destination": "Parameters" 
@@ -439,10 +428,9 @@ ] }, "DataCollectionRuleVMInsightsResourceId": { - "source": "powershell", - "type": "string", - "Value": "/subscriptions/{%ManagementSubscriptionId%}/resourcegroups/rg-{%Prefix%}-logging/providers/Microsoft.Insights/dataCollectionRules/alz-ama-vmi-dcr", - "Targets": [ + "source": "calculated", + "pattern": "/subscriptions/{%ManagementSubscriptionId%}/resourcegroups/rg-{%Prefix%}-logging/providers/Microsoft.Insights/dataCollectionRules/alz-ama-vmi-dcr", + "targets": [ { "Name": "parDataCollectionRuleVMInsightsResourceId.value", "Destination": "Parameters" @@ -450,10 +438,9 @@ ] }, "DataCollectionRuleChangeTrackingResourceId": { - "source": "powershell", - "type": "string", - "Value": "/subscriptions/{%ManagementSubscriptionId%}/resourcegroups/rg-{%Prefix%}-logging/providers/Microsoft.Insights/dataCollectionRules/alz-ama-ct-dcr", - "Targets": [ + "source": "calculated", + "pattern": "/subscriptions/{%ManagementSubscriptionId%}/resourcegroups/rg-{%Prefix%}-logging/providers/Microsoft.Insights/dataCollectionRules/alz-ama-ct-dcr", + "targets": [ { "Name": "parDataCollectionRuleChangeTrackingResourceId.value", "Destination": "Parameters" @@ -461,10 +448,9 @@ ] }, "DataCollectionRuleMDFCSQLResourceId": { - "source": "powershell", - "type": "string", - "Value": "/subscriptions/{%ManagementSubscriptionId%}/resourcegroups/rg-{%Prefix%}-logging/providers/Microsoft.Insights/dataCollectionRules/ama-mdfcsql-default-dcr", - "Targets": [ + "source": "calculated", + "pattern": "/subscriptions/{%ManagementSubscriptionId%}/resourcegroups/rg-{%Prefix%}-logging/providers/Microsoft.Insights/dataCollectionRules/ama-mdfcsql-default-dcr", + "targets": [ { "Name": "parDataCollectionRuleMDFCSQLResourceId.value", "Destination": "Parameters" 
@@ -472,10 +458,9 @@ ] }, "UserAssignedManagedIdentityResourceId": { - "source": "powershell", - "type": "string", - "Value": "/subscriptions/{%ManagementSubscriptionId%}/resourcegroups/rg-{%Prefix%}-logging/providers/Microsoft.ManagedIdentity/userAssignedIdentities/alz-umi-identity", - "Targets": [ + "source": "calculated", + "pattern": "/subscriptions/{%ManagementSubscriptionId%}/resourcegroups/rg-{%Prefix%}-logging/providers/Microsoft.ManagedIdentity/userAssignedIdentities/alz-umi-identity", + "targets": [ { "Name": "parUserAssignedManagedIdentityResourceId.value", "Destination": "Parameters" @@ -483,10 +468,9 @@ ] }, "DdosPretectionPlanId": { - "source": "powershell", - "type": "string", - "Value": "/subscriptions/{%ConnectivitySubscriptionId%}/resourceGroups/rg-{%Prefix%}-connectivity/providers/Microsoft.Network/ddosProtectionPlans/alz-ddos-plan", - "Targets": [ + "source": "calculated", + "pattern": "/subscriptions/{%ConnectivitySubscriptionId%}/resourceGroups/rg-{%Prefix%}-connectivity/providers/Microsoft.Network/ddosProtectionPlans/alz-ddos-plan", + "targets": [ { "Name": "parDdosProtectionPlanId.value", "Destination": "Parameters" @@ -494,10 +478,9 @@ ] }, "PrivateDnsResourceGroupId": { - "source": "powershell", - "type": "string", - "Value": "/subscriptions/{%ConnectivitySubscriptionId%}/resourceGroups/rg-{%Prefix%}-connectivity", - "Targets": [ + "source": "calculated", + "pattern": "/subscriptions/{%ConnectivitySubscriptionId%}/resourceGroups/rg-{%Prefix%}-connectivity", + "targets": [ { "Name": "parPrivateDnsResourceGroupId.value", "Destination": "Parameters" @@ -505,12 +488,11 @@ ] }, "ManagementSubscriptionGroup": { - "source": "powershell", - "type": "string", - "Value": [ + "source": "calculated", + "pattern": [ "{%ManagementSubscriptionId%}" ], - "Targets": [ + "targets": [ { "Name": "parPlatformManagementMgSubs.value", "Destination": "Parameters" 
@@ -518,12 +500,11 @@ ] }, "ConnectivitySubscriptionGroup": { - "source": "powershell", - "type": "string", - "Value": [ + "source": "calculated", + "pattern": [ "{%ConnectivitySubscriptionId%}" ], - "Targets": [ + "targets": [ { "Name": "parPlatformConnectivityMgSubs.value", "Destination": "Parameters" @@ -531,12 +512,11 @@ ] }, "IdentitySubscriptionGroup": { - "source": "powershell", - "type": "string", - "Value": [ + "source": "calculated", + "pattern": [ "{%IdentitySubscriptionId%}" ], - "Targets": [ + "targets": [ { "Name": "parPlatformIdentityMgSubs.value", "Destination": "Parameters" @@ -544,10 +524,9 @@ ] }, "HubNetworkName": { - "source": "powershell", - "type": "string", - "Value": "alz-hub-{%Location%}", - "Targets": [ + "source": "calculated", + "pattern": "alz-hub-{%Location%}", + "targets": [ { "Name": "parHubNetworkName.value", "Destination": "Parameters" @@ -555,10 +534,9 @@ ] }, "HubNetworkNameSecondary": { - "source": "powershell", - "type": "string", - "Value": "alz-hub-{%SecondaryLocation%}", - "Targets": [ + "source": "calculated", + "pattern": "alz-hub-{%SecondaryLocation%}", + "targets": [ { "Name": "parHubNetworkNameSecondaryLocation.value", "Destination": "Parameters" @@ -566,10 +544,9 @@ ] }, "VirtualIdToLink": { - "source": "powershell", - "type": "string", - "Value": "", - "Targets": [ + "source": "calculated", + "pattern": "", + "targets": [ { "Name": "parVirtualNetworkIdToLink.value", "Destination": "Parameters" @@ -577,10 +554,9 @@ ] }, "VirtualWanName": { - "source": "powershell", - "type": "string", - "Value": "alz-vwan-{%Location%}", - "Targets": [ + "source": "calculated", + "pattern": "alz-vwan-{%Location%}", + "targets": [ { "Name": "parVirtualWanName.value", "Destination": "Parameters" 
@@ -588,10 +564,9 @@ ] }, "AzFirewallName": { - "source": "powershell", - "type": "string", - "Value": "alz-azfw-{%Location%}", - "Targets": [ + "source": "calculated", + "pattern": "alz-azfw-{%Location%}", + "targets": [ { "Name": "parAzFirewallName.value", "Destination": "Parameters" @@ -599,10 +574,9 @@ ] }, "AzFirewallNameSecondary": { - "source": "powershell", - "type": "string", - "Value": "alz-azfw-{%SecondaryLocation%}", - "Targets": [ + "source": "calculated", + "pattern": "alz-azfw-{%SecondaryLocation%}", + "targets": [ { "Name": "parAzFirewallNameSecondaryLocation.value", "Destination": "Parameters" @@ -610,10 +584,9 @@ ] }, "FirewallPoliciesName": { - "source": "powershell", - "type": "string", - "Value": "alz-azfwpolicy-{%Location%}", - "Targets": [ + "source": "calculated", + "pattern": "alz-azfwpolicy-{%Location%}", + "targets": [ { "Name": "parAzFirewallPoliciesName.value", "Destination": "Parameters" @@ -621,10 +594,9 @@ ] }, "FirewallPoliciesNameSecondary": { - "source": "powershell", - "type": "string", - "Value": "alz-azfwpolicy-{%SecondaryLocation%}", - "Targets": [ + "source": "calculated", + "pattern": "alz-azfwpolicy-{%SecondaryLocation%}", + "targets": [ { "Name": "parAzFirewallPoliciesNameSecondaryLocation.value", "Destination": "Parameters" @@ -632,10 +604,9 @@ ] }, "AK8sPrivateLink": { - "source": "powershell", - "type": "string", - "Value": "privatelink.{%Location%}.azmk8s.io", - "Targets": [ + "source": "calculated", + "pattern": "privatelink.{%Location%}.azmk8s.io", + "targets": [ { "Name": "parPrivateDnsZones.value[0]", "Destination": "Parameters" @@ -643,10 +614,9 @@ ] }, "parAzBastionName": { - "source": "powershell", - "type": "string", - "Value": "alz-bastion-{%Location%}", - "Targets": [ + "source": "calculated", + "pattern": "alz-bastion-{%Location%}", + "targets": [ { "Name": "parAzBastionName.value", "Destination": "Parameters" 
@@ -654,10 +624,9 @@ ] }, "parAzBastionNameSecondaryLocation": { - "source": "powershell", - "type": "string", - "Value": "alz-bastion-{%SecondaryLocation%}", - "Targets": [ + "source": "calculated", + "pattern": "alz-bastion-{%SecondaryLocation%}", + "targets": [ { "Name": "parAzBastionNameSecondaryLocation.value", "Destination": "Parameters" @@ -665,10 +634,9 @@ ] }, "parAzBastionNsgName": { - "source": "powershell", - "type": "string", - "Value": "nsg-AzureBastionSubnet-{%Location%}", - "Targets": [ + "source": "calculated", + "pattern": "nsg-AzureBastionSubnet-{%Location%}", + "targets": [ { "Name": "parAzBastionNsgName.value", "Destination": "Parameters" @@ -676,10 +644,9 @@ ] }, "parAzBastionNsgNameSecondaryLocation": { - "source": "powershell", - "type": "string", - "Value": "nsg-AzureBastionSubnet-{%SecondaryLocation%}", - "Targets": [ + "source": "calculated", + "pattern": "nsg-AzureBastionSubnet-{%SecondaryLocation%}", + "targets": [ { "Name": "parAzBastionNsgNameSecondaryLocation.value", "Destination": "Parameters" @@ -687,10 +654,9 @@ ] }, "parDdosPlanName": { - "source": "powershell", - "type": "string", - "Value": "alz-ddos-plan-{%Location%}", - "Targets": [ + "source": "calculated", + "pattern": "alz-ddos-plan-{%Location%}", + "targets": [ { "Name": "parDdosPlanName.value", "Destination": "Parameters" @@ -698,10 +664,9 @@ ] }, "parDdosPlanNameSecondaryLocation": { - "source": "powershell", - "type": "string", - "Value": "alz-ddos-plan-{%SecondaryLocation%}", - "Targets": [ + "source": "calculated", + "pattern": "alz-ddos-plan-{%SecondaryLocation%}", + "targets": [ { "Name": "parDdosPlanNameSecondaryLocation.value", "Destination": "Parameters" 
@@ -709,10 +674,9 @@ ] }, "parHubRouteTableName": { - "source": "powershell", - "type": "string", - "Value": "alz-hub-routetable-{%Location%}", - "Targets": [ + "source": "calculated", + "pattern": "alz-hub-routetable-{%Location%}", + "targets": [ { "Name": "parHubRouteTableName.value", "Destination": "Parameters" @@ -720,10 +684,9 @@ ] }, "parHubRouteTableNameSecondaryLocation": { - "source": "powershell", - "type": "string", - "Value": "alz-hub-routetable-{%SecondaryLocation%}", - "Targets": [ + "source": "calculated", + "pattern": "alz-hub-routetable-{%SecondaryLocation%}", + "targets": [ { "Name": "parHubRouteTableNameSecondaryLocation.value", "Destination": "Parameters" @@ -731,10 +694,9 @@ ] }, "AK8sPrivateLinkSecondary": { - "source": "powershell", - "type": "string", - "Value": "privatelink.{%SecondaryLocation%}.azmk8s.io", - "Targets": [ + "source": "calculated", + "pattern": "privatelink.{%SecondaryLocation%}.azmk8s.io", + "targets": [ { "Name": "parPrivateDnsZonesSecondaryLocation.value[0]", "Destination": "Parameters" @@ -742,10 +704,9 @@ ] }, "BatchPrivateLink": { - "source": "powershell", - "type": "string", - "Value": "privatelink.{%Location%}.batch.azure.com", - "Targets": [ + "source": "calculated", + "pattern": "privatelink.{%Location%}.batch.azure.com", + "targets": [ { "Name": "parPrivateDnsZones.value[1]", "Destination": "Parameters" @@ -753,10 +714,9 @@ ] }, "BatchPrivateLinkSecondary": { - "source": "powershell", - "type": "string", - "Value": "privatelink.{%SecondaryLocation%}.batch.azure.com", - "Targets": [ + "source": "calculated", + "pattern": "privatelink.{%SecondaryLocation%}.batch.azure.com", + "targets": [ { "Name": "parPrivateDnsZonesSecondaryLocation.value[1]", "Destination": "Parameters" 
@@ -764,10 +724,9 @@ ] }, "KustoPrivateLink": { - "source": "powershell", - "type": "string", - "Value": "privatelink.{%Location%}.kusto.windows.net", - "Targets": [ + "source": "calculated", + "pattern": "privatelink.{%Location%}.kusto.windows.net", + "targets": [ { "Name": "parPrivateDnsZones.value[2]", "Destination": "Parameters" @@ -775,10 +734,9 @@ ] }, "KustoPrivateLinkSecondary": { - "source": "powershell", - "type": "string", - "Value": "privatelink.{%SecondaryLocation%}.kusto.windows.net", - "Targets": [ + "source": "calculated", + "pattern": "privatelink.{%SecondaryLocation%}.kusto.windows.net", + "targets": [ { "Name": "parPrivateDnsZonesSecondaryLocation.value[2]", "Destination": "Parameters" @@ -786,10 +744,9 @@ ] }, "BackupPrivateLink": { - "source": "powershell", - "type": "string", - "Value": "privatelink.{%Location%}.backup.windowsazure.com", - "Targets": [ + "source": "calculated", + "pattern": "privatelink.{%Location%}.backup.windowsazure.com", + "targets": [ { "Name": "parPrivateDnsZones.value[3]", "Destination": "Parameters" @@ -797,10 +754,9 @@ ] }, "BackupPrivateLinkSecondary": { - "source": "powershell", - "type": "string", - "Value": "privatelink.{%SecondaryLocation%}.backup.windowsazure.com", - "Targets": [ + "source": "calculated", + "pattern": "privatelink.{%SecondaryLocation%}.backup.windowsazure.com", + "targets": [ { "Name": "parPrivateDnsZonesSecondaryLocation.value[3]", "Destination": "Parameters" @@ -808,10 +764,9 @@ ] }, "ConnectivityResourceGroupName": { - "source": "powershell", - "type": "string", - "Value": "rg-{%Prefix%}-connectivity", - "Targets": [ + "source": "calculated", + "pattern": "rg-{%Prefix%}-connectivity", + "targets": [ { "Name": "CONNECTIVITY_RESOURCE_GROUP", "Destination": "Environment" 
@@ -824,10 +779,9 @@ ] }, "LoggingResourceGroupName": { - "source": "powershell", - "type": "string", - "Value": "rg-{%Prefix%}-logging", - "Targets": [ + "source": "calculated", + "pattern": "rg-{%Prefix%}-logging", + "targets": [ { "Name": "LOGGING_RESOURCE_GROUP", "Destination": "Environment" @@ -841,9 +795,8 @@ }, "RootParentManagementGroupId": { "source": "powershell", - "type": "string", - "Value": "", - "Targets": [ + "sourceInput": "root_parent_management_group_id", + "targets": [ { "Name": "ROOT_PARENT_MANAGEMENT_GROUP_ID", "Destination": "Environment" @@ -857,9 +810,8 @@ }, "AvailabilityZones": { "source": "powershell", - "type": "list(string)", - "Value": "", - "Targets": [ + "sourceInput": "availability_zones_starter[0]", + "targets": [ { "Name": "AVAILABILITY_ZONES", "Destination": "Environment" 
@@ -875,23 +827,39 @@ "Destination": "Parameters" }, { - "File": "hubNetworking.parameters.multiRegion.all.json", - "Name": "parAzErGatewayAvailabilityZonesSecondaryLocation.value", + "File": "hubNetworking.parameters.all.json", + "Name": "parAzVpnGatewayAvailabilityZones.value", "Destination": "Parameters" }, { "File": "hubNetworking.parameters.all.json", - "Name": "parAzVpnGatewayAvailabilityZones.value", + "Name": "parAzFirewallAvailabilityZones.value", + "Destination": "Parameters" + } + ] + }, + "AvailabilityZonesSecondary": { + "source": "powershell", + "sourceInput": "availability_zones_starter[1]", + "default": [], + "targets": [ + { + "Name": "AVAILABILITY_ZONES_SECONDARY", + "Destination": "Environment" + }, + { + "File": "vwanConnectivity.parameters.all.json", + "Name": "parVirtualWanHubs.value[1].parAzFirewallAvailabilityZones", "Destination": "Parameters" }, { "File": "hubNetworking.parameters.multiRegion.all.json", - "Name": "parAzVpnGatewayAvailabilityZonesSecondaryLocation.value", + "Name": "parAzErGatewayAvailabilityZonesSecondaryLocation.value", "Destination": "Parameters" }, { - "File": "hubNetworking.parameters.all.json", - "Name": "parAzFirewallAvailabilityZones.value", + "File": "hubNetworking.parameters.multiRegion.all.json", + "Name": "parAzVpnGatewayAvailabilityZonesSecondaryLocation.value", "Destination": "Parameters" }, { @@ -996,8 +964,8 @@ "inputs": { "ReleaseVersion": { "source": "powershell", - "type": "string", - "Targets": [ + "sourceInput": "release_version", + "targets": [ { "Name": "RELEASE_VERSION", "Destination": "Environment" @@ -1006,9 +974,8 @@ }, "Prefix": { "source": "input", - "type": "string", "description": "The prefix that will be added to all resources created by this deployment. (e.g. 'alz')", - "Targets": [ + "targets": [ { "Name": "parTopLevelManagementGroupPrefix.value", "Destination": "Parameters" 
@@ -1026,10 +993,10 @@ "validation": "azure_name" }, "Location": { - "source": "input", - "type": "string", + "source": "powershell", + "sourceInput": "starter_locations[0]", "description": "Deployment location. (e.g. 'uksouth')", - "Targets": [ + "targets": [ { "Name": "parLocation.value", "Destination": "Parameters" @@ -1038,14 +1005,14 @@ "Name": "LOCATION", "Destination": "Environment" } - ], - "validation": "azure_location" + ] }, "SecondaryLocation": { - "source": "input", - "type": "string", + "source": "powershell", + "sourceInput": "starter_locations[1]", "description": "Deployment location. (e.g. 'uksouth')", - "Targets": [ + "default": "", + "targets": [ { "Name": "parLocation.value", "Destination": "Parameters" @@ -1058,14 +1025,12 @@ "Name": "SECONDARYLOCATION", "Destination": "Environment" } - ], - "validation": "azure_location" + ] }, "Environment": { "source": "input", - "type": "string", "description": "The Type of environment that will be created. (e.g. 'live', 'canary')", - "Targets": [ + "targets": [ { "Name": "parTags.value.Environment", "Destination": "Parameters" @@ -1076,10 +1041,9 @@ }, "networkType": { "source": "input", - "type": "string", "description": "The type of networking to deploy. (e.g. 'hubNetworking', 'vwanConnectivity')", "default": "hubNetworking", - "Targets": [ + "targets": [ { "Name": "NETWORK_TYPE", "Destination": "Environment" @@ -1088,11 +1052,10 @@ "validation": "network_type" }, "IdentitySubscriptionId": { - "source": "input", - "type": "string", + "source": "powershell", + "sourceInput": "subscription_id_identity", "description": "The identifier of the Identity Subscription. (e.g '00000000-0000-0000-0000-000000000000')", - "validation": "azure_subscription_id", - "Targets": [ + "targets": [ { "Name": "IDENTITY_SUBSCRIPTION_ID", "Destination": "Environment" 
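Review bot: In the second `inputs` block, `SecondaryLocation` now gets `"default": ""` while its first target is still `parLocation.value` and its description is still "Deployment location. (e.g. 'uksouth')", both identical to `Location`. If that target is applied as written, a deployment with no second entry in `starter_locations` could write an empty string into the primary location parameter; the first `inputs` block targets `parSecondaryLocation.value` for the same input. The target and description are unchanged context lines and the target list continues past the hunk, so this may predate the commit, but the new default is what makes it matter. Suggest `"Name": "parSecondaryLocation.value"` and `"description": "Secondary deployment location. (e.g 'westeurope')"` here, if the parameter files used by this block define that parameter.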
@@ -1100,11 +1063,10 @@ ] }, "ConnectivitySubscriptionId": { - "source": "input", - "type": "string", + "source": "powershell", + "sourceInput": "subscription_id_connectivity", "description": "The identifier of the Connectivity Subscription. (e.g '00000000-0000-0000-0000-000000000000')", - "validation": "azure_subscription_id", - "Targets": [ + "targets": [ { "Name": "CONNECTIVITY_SUBSCRIPTION_ID", "Destination": "Environment" @@ -1112,11 +1074,10 @@ ] }, "ManagementSubscriptionId": { - "source": "input", - "type": "string", + "source": "powershell", + "sourceInput": "subscription_id_management", "description": "The identifier of the Management Subscription. (e.g 00000000-0000-0000-0000-000000000000)", - "validation": "azure_subscription_id", - "Targets": [ + "targets": [ { "Name": "MANAGEMENT_SUBSCRIPTION_ID", "Destination": "Environment" @@ -1125,9 +1086,8 @@ }, "RootParentManagementGroupId": { "source": "powershell", - "type": "string", - "Value": "", - "Targets": [ + "sourceInput": "root_parent_management_group_id", + "targets": [ { "Name": "ROOT_PARENT_MANAGEMENT_GROUP_ID", "Destination": "Environment" @@ -1140,10 +1100,9 @@ ] }, "ConnectivityResourceGroupName": { - "source": "powershell", - "type": "string", - "Value": "rg-{%Prefix%}-connectivity", - "Targets": [ + "source": "calculated", + "pattern": "rg-{%Prefix%}-connectivity", + "targets": [ { "Name": "CONNECTIVITY_RESOURCE_GROUP", "Destination": "Environment" @@ -1156,10 +1115,9 @@ ] }, "ManagementResourceGroupName": { - "source": "powershell", - "type": "string", - "Value": "rg-{%Prefix%}-management", - "Targets": [ + "source": "calculated", + "pattern": "rg-{%Prefix%}-management", + "targets": [ { "Name": "MANAGEMENT_RESOURCE_GROUP", "Destination": "Environment" 
@@ -1172,10 +1130,9 @@ ] }, "IdentityResourceGroupName": { - "source": "powershell", - "type": "string", - "Value": "rg-{%Prefix%}-identity", - "Targets": [ + "source": "calculated", + "pattern": "rg-{%Prefix%}-identity", + "targets": [ { "Name": "IDENTITY_RESOURCE_GROUP", "Destination": "Environment" @@ -1189,14 +1146,24 @@ }, "AvailabilityZones": { "source": "powershell", - "type": "list(string)", - "Value": "", - "Targets": [ + "sourceInput": "availability_zones_starter[0]", + "targets": [ { "Name": "AVAILABILITY_ZONES", "Destination": "Environment" } ] + }, + "AvailabilityZonesSecondary": { + "source": "powershell", + "sourceInput": "availability_zones_starter[1]", + "default": [], + "targets": [ + { + "Name": "AVAILABILITY_ZONES_SECONDARY", + "Destination": "Environment" + } + ] } } } diff --git a/docs/wiki/Accelerator.md b/docs/wiki/Accelerator.md index 73327755a..d485ce58c 100644 --- a/docs/wiki/Accelerator.md +++ b/docs/wiki/Accelerator.md 
@@ -3,18 +3,31 @@ > [!IMPORTANT] -> The ALZ Bicep Accelerator has been updated to automate the bootstrapping of your Version Control System and Azure resources. The ALZ Bicep Accelerator's documentation has been moved to [aka.ms/alz/accelerator/docs](https://aka.ms/alz/accelerator/docs). Head over there now to get started! -> Use the instructions below only if you need to use the classic version of the ALZ Bicep Accelerator. +> The ALZ Bicep Accelerator has been updated to automate the bootstrapping of your Version Control System and Azure resources. The documentation for the updated ALZ Bicep Accelerator has been moved to [aka.ms/alz/accelerator/docs](https://aka.ms/alz/accelerator/docs). Head over there now to get started! +> +> If you prefer, you can hold off on updating to this new version and wait for the upcoming [ALZ-Bicep Refactor](https://github.com/Azure/ALZ-Bicep/issues/791) which will leverage [Azure Verified Modules](https://azure.github.io/Azure-Verified-Modules). This refactor will provide a further updated version of the ALZ Bicep Accelerator. +> +> Use the instructions below only if you need to reference the deprecated classic version of the ALZ Bicep Accelerator. ### Deprecation Notice > [!WARNING] -> The classic version of the ALZ Bicep Accelerator will be maintained for a limited time. We recommend migrating to the new version as soon as possible. +> The classic version of the ALZ Bicep Accelerator has been **deprecated**. It has been removed from the ALZ PowerShell Module and is only supported in version 3.1.2 or earlier. If you're using a newer version, please migrate to the updated Accelerator. 
+ +To use the classic version of the ALZ Bicep Accelerator, you can install the ALZ PowerShell Module version 3.1.2 by running the following command: + +```powershell +# Uninstall current version (if needed) +Uninstall-Module -Name Az -AllVersions -Force + +# Install a specific older version (3.1.2) +Install-Module -Name Az -RequiredVersion 3.1.2 +``` ### What is the ALZ Bicep Accelerator (Classic)? > [!NOTE] -> These instructions now include the `-bicepLegacyMode $true` parameter, which needs be set explicily to use the classic version. +> These instructions include the `-bicepLegacyMode $true` parameter, which must be explicitly set to use the deprecated classic version of the Accelerator. The ALZ Bicep Accelerator framework was developed to provide end-users with the following abilities: @@ -89,9 +102,6 @@ In order to setup the Accelerator framework with the production GitHub Action Wo - Traditional VNet Hub and Spoke = .github\workflows\alz-bicep-4a-hubspoke.yml - Virtual WAN = .github\workflows\alz-bicep-4b-vwan.yml - > **Note:** - > These workflow files and associated deployment scripts will be programatically removed in the future. - 1. Review all parameter files within config/custom-parameters and update the values as needed for your desired ALZ configuration. All files pertaining to the default ALZ Bicep modules are located within the upstream-releases directory. The parameter files are located within the config/custom-parameters directory. For a minimalistic deployment, some example parameters are provided [here](#guidance-for-a-minimalistic-deployment) > **Note:** To further understand the purpose of each parameter, please review the [deployment flow documentation](https://github.com/Azure/ALZ-Bicep/wiki/DeploymentFlow). For design considerations, please review our page in the [Azure Architecture Center](https://learn.microsoft.com/azure/architecture/landing-zones/bicep/landing-zone-bicep). 
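Review bot: The added PowerShell block operates on the `Az` module, not the ALZ PowerShell Module named in the sentence introducing it and in the deprecation warning. As written, `Uninstall-Module -Name Az -AllVersions -Force` removes every installed Azure PowerShell version, and `Install-Module -Name Az -RequiredVersion 3.1.2` then installs a long-superseded Az release. That is not the stated goal, and it would leave an administration workstation on outdated Azure tooling. The two commands should presumably read `Uninstall-Module -Name ALZ -AllVersions -Force` and `Install-Module -Name ALZ -RequiredVersion 3.1.2`, with the code comments updated to say "ALZ module".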
@@ -211,10 +221,10 @@ For this framework, we recommend utilizing the [GitHub Flow branching strategy]( As part of the framework, we include two PR workflows. The pipelines will perform the following tasks: -| Workflow Name | Trigger | Tasks | -|-------------------------|-----------|---------------------| -| ALZ-Bicep-PR1-Build | Pull request against main branch and changes to any Bicep file or Bicep config file. | Checks to see if there are any modified or custom modules residing within the config\custom-modules directory and if so, the workflow will lint the modules and ensure they can compile. -| ALZ-Bicep-PR2-Lint | Pull request against main branch. | Using [Super-Linter](https://github.com/github/super-linter), the workflow will lint everything in the codebase apart from the Bicep modules/files. +| Workflow Name | Trigger | Tasks | +|---------------------|--------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| ALZ-Bicep-PR1-Build | Pull request against main branch and changes to any Bicep file or Bicep config file. | Checks to see if there are any modified or custom modules residing within the config\custom-modules directory and if so, the workflow will lint the modules and ensure they can compile. | +| ALZ-Bicep-PR2-Lint | Pull request against main branch. | Using [Super-Linter](https://github.com/github/super-linter), the workflow will lint everything in the codebase apart from the Bicep modules/files. | > **Important:** > YAML PR triggers are supported only in GitHub and Bitbucket Cloud. diff --git a/docs/wiki/AzureMonitorBaselineAlerts.md b/docs/wiki/AzureMonitorBaselineAlerts.md index edfb75ed6..680009fff 100644 --- a/docs/wiki/AzureMonitorBaselineAlerts.md +++ b/docs/wiki/AzureMonitorBaselineAlerts.md 
@@ -2,14 +2,12 @@
 ## Azure Monitor Baseline Alerts
-At present, [Azure Monitor Baseline Alerts (AMBA)](https://azure.github.io/azure-monitor-baseline-alerts/) is not integrated into the ALZ-Bicep repository. However, this integration is underway and will soon be available.
+### Deprecation Notice for AMBA Guidance
-If you prefer not to wait for this integration, you can deploy AMBA as a standalone deployment. This might be the optimal choice and also aligns with familiar scenarios, especially if you initially deployed the ALZ-Bicep framework using the PowerShell or Azure CLI scripts provided within the module READMEs. Follow the guidance provided in the [AMBA documentation](https://azure.github.io/azure-monitor-baseline-alerts/patterns/alz/deploy/Introduction-to-deploying-the-ALZ-Pattern/) for deployment.
+> [!WARNING]
+> The guidance for Azure Monitor Baseline Alerts (AMBA) provided here is specific to the **classic** version of the ALZ Bicep Accelerator, which has been deprecated. It is not integrated into the newer version of the ALZ-Bicep Accelerator, but integration is currently in on the roadmap for the near future.
-Alternatively, if you wish to integrate Azure Monitor Baseline Alerts into your existing [Accelerator](https://github.com/Azure/ALZ-Bicep/wiki/Accelerator) deployment, follow the guidance provided in the following sections.
-
-> **Warning:**
-> The following guidance offers a simplified version of the integration and may differ from the final integration. This is provided for immediate solution.
+In the meantime, if you prefer not to wait for this integration, you can deploy AMBA as a standalone deployment. This option may be optimal, particularly if you initially deployed the classic ALZ-Bicep framework using the PowerShell or Azure CLI scripts found in the module READMEs.
Follow the guidance provided in the [AMBA documentation](https://azure.github.io/azure-monitor-baseline-alerts/patterns/alz/deploy/Introduction-to-deploying-the-ALZ-Pattern/) for standalone deployment.
 ## Pre-Requisites
diff --git a/infra-as-code/bicep/modules/hubNetworking/README.md b/infra-as-code/bicep/modules/hubNetworking/README.md
index 4c1696be9..0900806ea 100644
--- a/infra-as-code/bicep/modules/hubNetworking/README.md
+++ b/infra-as-code/bicep/modules/hubNetworking/README.md
@@ -204,7 +204,7 @@ New-AzResourceGroupDeployment @inputObject
 To extend your infrastructure to [additional regions](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/considerations/regions), this module can be deployed multiple times with different parameters files to deploy additional hubs in multiple regions. The [vnetPeering module](https://github.com/Azure/ALZ-Bicep/tree/main/infra-as-code/bicep/modules/vnetPeering) can be leveraged to peer the hub networks together across the different regions.
-If you want to use a single deployment targeting two regions, you can use the [hubNetworking-multiRegion.bicep](https://github.com/Azure/ALZ-Bicep/blob/main/infra-as-code/bicep/modules/hubNetworking/hubNetworking-multiRegion.bicep) file along with the [hubNetwork.parameters.az.multiRegion.all.parameters.json](https://github.com/Azure/ALZ-Bicep/blob/main/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.az.all.jso) file. This module uses similar parameters from the `hubNetworking` module, but the parameters specific to the secondary region are suffixed with `SecondaryLocation`. It also leverages the `vnetPeering` module to peer the two hubs together.
+If you want to use a single deployment targeting two regions, you can use the [hubNetworking-multiRegion.bicep](https://github.com/Azure/ALZ-Bicep/blob/main/infra-as-code/bicep/modules/hubNetworking/hubNetworking-multiRegion.bicep) file along with the [hubNetwork.parameters.az.multiRegion.all.parameters.json](https://github.com/Azure/ALZ-Bicep/blob/main/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.az.all.json) file. This module uses similar parameters from the `hubNetworking` module, but the parameters specific to the secondary region are suffixed with `SecondaryLocation`. It also leverages the `vnetPeering` module to peer the two hubs together.
 > For the example below, two hubs will be deployed across *eastus* and *westus* regions.