diff --git a/README.md b/README.md index 47f295d2d..f5cd8d32b 100644 --- a/README.md +++ b/README.md @@ -37,6 +37,8 @@ To use this module with all default settings, please include the following in yo > 2. This module has a single mandatory variable `root_parent_id` which is used to set the parent ID to use as the root for deployment. All other variables are optional but can be used to customise your deployment. > > 3. If using the `azurerm_subscription` data source to provide a `tenant_id` value from the current context for `root_parent_id`, you are likely to get a warning that Terraform cannot determine the number of resources to create during the `plan` stage. To avoid the need to use `terraform apply -target=resource` or putting such values in source code, we recommend providing the `root_parent_id` value explicitly via the command-line using `-var 'root_parent_id={{ tenant_id }}'` or your preferred method of injecting variable values at runtime. +> +> 4. As of version `0.0.8` this module now supports the creation of Role Assignments for any valid Policy Assignment deployed using the module. This feature enumerates the appropriate role(s) needed by the assigned Policy Definition or Policy Set Definition and creates the necessary Role Assignments for the auto-generated Managed Identity at the same scope as the Policy Assignment. This capability provides feature parity with the Azure Portal experience when creating Policy Assignments using the `DeployIfNotExists` or `Modify` effects. If the Policy Assignment needs to interact with resources not under the same scope as the Policy Assignment, you will need to create additional Role Assignments at the appropriate scope. ### Simple Example @@ -53,7 +55,7 @@ variable "tenant_id" { module "enterprise_scale" { source = "Azure/caf-enterprise-scale/azurerm" - version = "0.0.7-preview" + version = "0.0.8" root_parent_id = var.tenant_id 
@@ -77,7 +79,7 @@ variable "tenant_id" { module "enterprise_scale" { source = "Azure/caf-enterprise-scale/azurerm" - version = "0.0.7-preview" + version = "0.0.8" # Mandatory Variables root_parent_id = var.tenant_id diff --git a/locals.policy_assignments.tf b/locals.policy_assignments.tf index e6536057a..2e134dd44 100644 --- a/locals.policy_assignments.tf +++ b/locals.policy_assignments.tf 
@@ -20,3 +20,190 @@ locals {
 assignment.resource_id => assignment
 }
 }
+
+# To support the creation of Role Assignments for Policy Assignments
+# using a Managed Identity, we need to identify the associated
+# Role Definition(s) relating to the assigned Policy [Set] Definition
+# within each Policy Assignment. This requires the following logic
+# to determine which Role Assignments to create.
+
+# Generate a list of internal Policy Definitions and Policy
+# Set Definitions.
+locals {
+ internal_policy_definition_ids = [
+ for policy_definition in local.es_policy_definitions :
+ policy_definition.resource_id
+ ]
+ internal_policy_set_definition_ids = [
+ for policy_set_definition in local.es_policy_set_definitions :
+ policy_set_definition.resource_id
+ ]
+}
+
+# Determine which Policy Assignments use a Managed Identity.
+locals {
+ policy_assignments_with_managed_identity = {
+ for assignment in local.es_policy_assignments :
+ assignment.resource_id => assignment.template.properties.policyDefinitionId
+ if assignment.template.identity.type == "SystemAssigned"
+ }
+}
+
+# Determine which of these Policy Assignments assign a Policy
+# Definition or Policy Set Definition which is either built-in,
+# or deployed to Azure using a process outside of this module.
+locals {
+ # Policy Definitions
+ policy_assignments_with_managed_identity_using_external_policy_definition = {
+ for policy_assignment_id, policy_definition_id in local.policy_assignments_with_managed_identity :
+ policy_assignment_id => policy_definition_id
+ if length(regexall(local.resource_types.policy_definition, policy_definition_id)) > 0 && contains(local.internal_policy_definition_ids, policy_definition_id) != true
+ }
+ # Policy Set Definitions
+ policy_assignments_with_managed_identity_using_external_policy_set_definition = {
+ for policy_assignment_id, policy_set_definition_id in local.policy_assignments_with_managed_identity :
+ policy_assignment_id => policy_set_definition_id
+ if length(regexall(local.resource_types.policy_set_definition, policy_set_definition_id)) > 0 && contains(local.internal_policy_set_definition_ids, policy_set_definition_id) != true
+ }
+}
+
+# Generate list of Policy Set Definitions to lookup from Azure.
+locals {
+ azurerm_policy_set_definition_external_lookup = {
+ for policy_set_definition_id in local.policy_assignments_with_managed_identity_using_external_policy_set_definition :
+ policy_set_definition_id => {
+ name = basename(policy_set_definition_id)
+ management_group_name = try(regex(local.regex_extract_provider_scope, policy_set_definition_id), null)
+ }
+ }
+}
+
+# Perform a lookup of the Policy Set Definitions not deployed by this module.
+data "azurerm_policy_set_definition" "external_lookup" {
+ for_each = local.azurerm_policy_set_definition_external_lookup
+
+ name = each.value.name
+ management_group_name = each.value.management_group_name
+}
+
+# Create a list of Policy Definitions IDs used by all assigned Policy Set Definitions
+locals {
+ policy_definitions_ids_from_internal_policy_set_definitions = {
+ for policy_set_definition in local.es_policy_set_definitions :
+ policy_set_definition.resource_id => try(policy_set_definition.template.policyDefinitions.*.policyDefinitionId, local.empty_list)
+ }
+ policy_definitions_ids_from_external_policy_set_definitions = {
+ for policy_set_definition_id, policy_set_definition_config in data.azurerm_policy_set_definition.external_lookup :
+ policy_set_definition_id => [
+ for policy_definition_reference in policy_set_definition_config.policy_definition_reference :
+ policy_definition_reference.policy_definition_id
+ ]
+ }
+ policy_definitions_ids_from_policy_set_definitions = merge(
+ local.policy_definitions_ids_from_internal_policy_set_definitions,
+ local.policy_definitions_ids_from_external_policy_set_definitions,
+ )
+}
+
+# Identify all Policy Definitions which are external to this module
+locals {
+ # From Policy Assignments using Policy Set Definitions
+ external_policy_definitions_ids_from_policy_set_definitions = distinct(flatten([
+ for policy_definitions in values(local.policy_definitions_ids_from_policy_set_definitions) : [
+ for policy_definition in policy_definitions :
+ policy_definition
+ if contains(local.internal_policy_definition_ids, policy_definition) != true
+ ]
+ ]))
+ external_policy_definitions_from_azurerm_policy_set_definition_external_lookup = {
+ for policy_set_definition_id in local.external_policy_definitions_ids_from_policy_set_definitions :
+ policy_set_definition_id => {
+ name = basename(policy_set_definition_id)
+ management_group_name = try(regex(local.regex_extract_provider_scope, policy_set_definition_id), null)
+ }
+ }
+ # From Policy Assignments using Policy Definitions
+ external_policy_definitions_from_internal_policy_assignments = {
+ for policy_set_definition_id in local.policy_assignments_with_managed_identity_using_external_policy_definition :
+ policy_set_definition_id => {
+ name = basename(policy_set_definition_id)
+ management_group_name = try(regex(local.regex_extract_provider_scope, policy_set_definition_id), null)
+ }
+ }
+ # Then create a single list containing all Policy Definitions to lookup from Azure
+ azurerm_policy_definition_external_lookup = merge(
+ local.external_policy_definitions_from_azurerm_policy_set_definition_external_lookup,
+ local.external_policy_definitions_from_internal_policy_assignments,
+ )
+}
+
+# Perform a lookup of the Policy Definitions not deployed by this module.
+data "azurerm_policy_definition" "external_lookup" {
+ for_each = local.azurerm_policy_definition_external_lookup
+
+ name = each.value.name
+ management_group_name = each.value.management_group_name
+}
+
+# Extract the Role Definition IDs from the internal and external
+# Policy Definitions, then combine into a single lookup map.
+locals {
+ internal_policy_definition_roles = {
+ for policy_definition in local.es_policy_definitions :
+ policy_definition.resource_id => try(policy_definition.template.policyRule.then.details.roleDefinitionIds, local.empty_list)
+ }
+ external_policy_definition_roles = {
+ for policy_definition_id, policy_definition_config in data.azurerm_policy_definition.external_lookup :
+ policy_definition_id => try(jsondecode(policy_definition_config.policy_rule).then.details.roleDefinitionIds, local.empty_list)
+ }
+ policy_definition_roles = merge(
+ local.internal_policy_definition_roles,
+ local.external_policy_definition_roles,
+ )
+}
+
+# Merge the map of Policy Definitions from internal and
+# external Policy Set Definitions then generate the map
+# of roles for each.
+locals {
+ policy_set_definition_roles = {
+ for policy_set_definition_id, policy_definition_ids in local.policy_definitions_ids_from_policy_set_definitions :
+ policy_set_definition_id => distinct(flatten([
+ for policy_definition_id in policy_definition_ids :
+ local.policy_definition_roles[policy_definition_id]
+ ]))
+ }
+}
+
+# Merge the map of roles for Policy Definitions and
+# Policy Set Definitions.
+locals {
+ policy_roles = merge(
+ local.policy_definition_roles,
+ local.policy_set_definition_roles,
+ )
+}
+
+# Construct the array used to determine the list of
+# Role Assignments to create for the Managed Identities
+# used by Policy Assignments.
+# The "identity" object is an array containing a single
+# identity item.
+# The try() logic below is to prevent errors when running
+# 'terraform destroy'.
+locals {
+ es_role_assignments_by_policy_assignment = flatten([
+ for policy_assignment_id, policy_id in local.policy_assignments_with_managed_identity : [
+ for role_definition_id in try(local.policy_roles[policy_id], local.empty_list) : [
+ {
+ resource_id = "${local.azurerm_policy_assignment_enterprise_scale[policy_assignment_id].scope_id}${local.provider_path.role_assignment}${uuidv5(uuidv5("url", role_definition_id), policy_assignment_id)}"
+ scope_id = local.azurerm_policy_assignment_enterprise_scale[policy_assignment_id].scope_id
+ principal_id = try(azurerm_policy_assignment.enterprise_scale[policy_assignment_id].identity[0].principal_id, null)
+ role_definition_name = null
+ role_definition_id = role_definition_id
+ skip_service_principal_aad_check = true
+ }
+ ]
+ ]
+ ])
+}
diff --git a/locals.role_assignments.tf b/locals.role_assignments.tf
index b240f45a0..e986d8f83 100644
--- a/locals.role_assignments.tf
+++ b/locals.role_assignments.tf
@@ -9,6 +9,7 @@ locals { es_role_assignments = concat( local.es_role_assignments_by_management_group, local.es_role_assignments_by_subscription, + local.es_role_assignments_by_policy_assignment, ) }
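Review bot: `es_role_assignments_by_policy_assignment` in locals.policy_assignments.tf grants every role listed in a definition's `roleDefinitionIds` to the assignment's managed identity at the assignment scope, and the list is taken verbatim, including from definitions read through `data.azurerm_policy_definition.external_lookup` that this module does not author. At management group scope a definition naming a broad role such as Owner or Contributor would give the identity that role over everything beneath it, and no opt-out or allow-list is visible in this hunk. I would at least document this above the local, e.g. `# Roles are taken verbatim from roleDefinitionIds; review the planned role assignments for broad roles at management group scope.`, and consider a module variable to disable or filter the generated assignments. Separately, the `try(..., local.empty_list)` wrappers in `internal_policy_definition_roles` and `external_policy_definition_roles` turn a wrong attribute path into an empty role list without any error, which would presumably only show up later as failed remediation.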
diff --git a/locals.tf b/locals.tf index 6264c0208..78c5fcc6c 100644 --- a/locals.tf +++ b/locals.tf @@ -23,9 +23,21 @@ locals { } # The following locals are used to define base Azure -# provider paths +# provider paths and resource types locals { provider_path = { management_groups = "/providers/Microsoft.Management/managementGroups/" + role_assignment = "/providers/Microsoft.Authorization/roleAssignments/" } + resource_types = { + policy_definition = "Microsoft.Authorization/policyDefinitions" + policy_set_definition = "Microsoft.Authorization/policySetDefinitions" + } +} + +# The following locals are used to define RegEx +# patterns used within this module + +locals { + regex_extract_provider_scope = "(?i)/(?=.*/providers/)[^/]+/[\\S]+(?=.*/providers/)" } diff --git a/main.tf b/main.tf index 7ab91f5c0..42cbfdba2 100644 --- a/main.tf +++ b/main.tf @@ -6,7 +6,7 @@ # groups of Resources within a Subscription. module "management_group_archetypes" { for_each = local.es_landing_zones_map - source = "./modules/terraform-azurerm-caf-enterprise-scale-archetypes" + source = "./modules/archetypes" root_id = "${local.provider_path.management_groups}${local.root_id}" scope_id = each.key diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/archetype_definition_default_empty.json b/modules/archetypes/lib/archetype_definitions/archetype_definition_default_empty.json similarity index 100% rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/archetype_definition_default_empty.json rename to modules/archetypes/lib/archetype_definitions/archetype_definition_default_empty.json 
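Review bot: The new `regex_extract_provider_scope` pattern in locals.tf uses lookahead groups `(?=...)`, which the RE2 syntax behind Terraform's `regex()` does not support, so it should be checked in `terraform console` before release. Every caller in locals.policy_assignments.tf wraps it as `try(regex(local.regex_extract_provider_scope, ...), null)`, so a pattern error would not fail the plan; `management_group_name` would simply be null and the external lookups would never target a management group. If the intent is the management group name, an RE2-compatible form would be a capture group such as `regex_extract_provider_scope = "(?i)/managementGroups/([^/]+)/providers/"` with callers reading element `[0]`; treat that pattern as a sketch to validate against real resource IDs. The locals block continues outside this hunk.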
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/archetype_definition_es_connectivity_foundation.tmpl.json b/modules/archetypes/lib/archetype_definitions/archetype_definition_es_connectivity_foundation.tmpl.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/archetype_definition_es_connectivity_foundation.tmpl.json
rename to modules/archetypes/lib/archetype_definitions/archetype_definition_es_connectivity_foundation.tmpl.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/archetype_definition_es_connectivity_hub_and_spoke.tmpl.json b/modules/archetypes/lib/archetype_definitions/archetype_definition_es_connectivity_hub_and_spoke.tmpl.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/archetype_definition_es_connectivity_hub_and_spoke.tmpl.json
rename to modules/archetypes/lib/archetype_definitions/archetype_definition_es_connectivity_hub_and_spoke.tmpl.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/archetype_definition_es_connectivity_vwan.tmpl.json b/modules/archetypes/lib/archetype_definitions/archetype_definition_es_connectivity_vwan.tmpl.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/archetype_definition_es_connectivity_vwan.tmpl.json
rename to modules/archetypes/lib/archetype_definitions/archetype_definition_es_connectivity_vwan.tmpl.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/archetype_definition_es_decommissioned.tmpl.json b/modules/archetypes/lib/archetype_definitions/archetype_definition_es_decommissioned.tmpl.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/archetype_definition_es_decommissioned.tmpl.json
rename to modules/archetypes/lib/archetype_definitions/archetype_definition_es_decommissioned.tmpl.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/archetype_definition_es_demo_corp.tmpl.json b/modules/archetypes/lib/archetype_definitions/archetype_definition_es_demo_corp.tmpl.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/archetype_definition_es_demo_corp.tmpl.json
rename to modules/archetypes/lib/archetype_definitions/archetype_definition_es_demo_corp.tmpl.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/archetype_definition_es_demo_online.tmpl.json b/modules/archetypes/lib/archetype_definitions/archetype_definition_es_demo_online.tmpl.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/archetype_definition_es_demo_online.tmpl.json
rename to modules/archetypes/lib/archetype_definitions/archetype_definition_es_demo_online.tmpl.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/archetype_definition_es_demo_sap.tmpl.json b/modules/archetypes/lib/archetype_definitions/archetype_definition_es_demo_sap.tmpl.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/archetype_definition_es_demo_sap.tmpl.json
rename to modules/archetypes/lib/archetype_definitions/archetype_definition_es_demo_sap.tmpl.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/archetype_definition_es_identity.tmpl.json b/modules/archetypes/lib/archetype_definitions/archetype_definition_es_identity.tmpl.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/archetype_definition_es_identity.tmpl.json
rename to modules/archetypes/lib/archetype_definitions/archetype_definition_es_identity.tmpl.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/archetype_definition_es_landing_zones.tmpl.json b/modules/archetypes/lib/archetype_definitions/archetype_definition_es_landing_zones.tmpl.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/archetype_definition_es_landing_zones.tmpl.json
rename to modules/archetypes/lib/archetype_definitions/archetype_definition_es_landing_zones.tmpl.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/archetype_definition_es_management.tmpl.json b/modules/archetypes/lib/archetype_definitions/archetype_definition_es_management.tmpl.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/archetype_definition_es_management.tmpl.json
rename to modules/archetypes/lib/archetype_definitions/archetype_definition_es_management.tmpl.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/archetype_definition_es_platform.tmpl.json b/modules/archetypes/lib/archetype_definitions/archetype_definition_es_platform.tmpl.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/archetype_definition_es_platform.tmpl.json
rename to modules/archetypes/lib/archetype_definitions/archetype_definition_es_platform.tmpl.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/archetype_definition_es_root.tmpl.json b/modules/archetypes/lib/archetype_definitions/archetype_definition_es_root.tmpl.json
similarity index 98%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/archetype_definition_es_root.tmpl.json
rename to modules/archetypes/lib/archetype_definitions/archetype_definition_es_root.tmpl.json
index c7784a806..0b2983211 100644
--- a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/archetype_definition_es_root.tmpl.json
+++ b/modules/archetypes/lib/archetype_definitions/archetype_definition_es_root.tmpl.json
@@ -97,7 +97,7 @@
 "ES-Deploy-Sql-AuditingSettings",
 "ES-Deploy-Sql-SecurityAlertPolicies",
 "ES-Deploy-Sql-Tde",
- "ES-Deploy-Sql-vulnerabilityAssessments",
+ "ES-Deploy-Sql-VulnerabilityAssessments",
 "ES-Deploy-vHUB",
 "ES-Deploy-vNet",
 "ES-Deploy-vWAN",
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/archetype_definition_es_sandboxes.tmpl.json b/modules/archetypes/lib/archetype_definitions/archetype_definition_es_sandboxes.tmpl.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/archetype_definition_es_sandboxes.tmpl.json
rename to modules/archetypes/lib/archetype_definitions/archetype_definition_es_sandboxes.tmpl.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_assignment_es_allowed_resource-locations.tmpl.json b/modules/archetypes/lib/policy_assignments/policy_assignment_es_allowed_resource-locations.tmpl.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_assignment_es_allowed_resource-locations.tmpl.json
rename to modules/archetypes/lib/policy_assignments/policy_assignment_es_allowed_resource-locations.tmpl.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_assignment_es_allowed_resourcegroup-locations.tmpl.json b/modules/archetypes/lib/policy_assignments/policy_assignment_es_allowed_resourcegroup-locations.tmpl.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_assignment_es_allowed_resourcegroup-locations.tmpl.json
rename to modules/archetypes/lib/policy_assignments/policy_assignment_es_allowed_resourcegroup-locations.tmpl.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_assignment_es_deny_appgw_without_waf.tmpl.json b/modules/archetypes/lib/policy_assignments/policy_assignment_es_deny_appgw_without_waf.tmpl.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_assignment_es_deny_appgw_without_waf.tmpl.json
rename to modules/archetypes/lib/policy_assignments/policy_assignment_es_deny_appgw_without_waf.tmpl.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_assignment_es_deny_ip_forwarding.tmpl.json b/modules/archetypes/lib/policy_assignments/policy_assignment_es_deny_ip_forwarding.tmpl.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_assignment_es_deny_ip_forwarding.tmpl.json
rename to modules/archetypes/lib/policy_assignments/policy_assignment_es_deny_ip_forwarding.tmpl.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_assignment_es_deny_rdp_from_internet.tmpl.json b/modules/archetypes/lib/policy_assignments/policy_assignment_es_deny_rdp_from_internet.tmpl.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_assignment_es_deny_rdp_from_internet.tmpl.json
rename to modules/archetypes/lib/policy_assignments/policy_assignment_es_deny_rdp_from_internet.tmpl.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_assignment_es_deny_resources.tmpl.json b/modules/archetypes/lib/policy_assignments/policy_assignment_es_deny_resources.tmpl.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_assignment_es_deny_resources.tmpl.json
rename to modules/archetypes/lib/policy_assignments/policy_assignment_es_deny_resources.tmpl.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_assignment_es_deny_subnet_without_nsg.tmpl.json b/modules/archetypes/lib/policy_assignments/policy_assignment_es_deny_subnet_without_nsg.tmpl.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_assignment_es_deny_subnet_without_nsg.tmpl.json
rename to modules/archetypes/lib/policy_assignments/policy_assignment_es_deny_subnet_without_nsg.tmpl.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_assignment_es_deploy_asc_ce.tmpl.json b/modules/archetypes/lib/policy_assignments/policy_assignment_es_deploy_asc_ce.tmpl.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_assignment_es_deploy_asc_ce.tmpl.json
rename to modules/archetypes/lib/policy_assignments/policy_assignment_es_deploy_asc_ce.tmpl.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_assignment_es_deploy_asc_monitoring.tmpl.json b/modules/archetypes/lib/policy_assignments/policy_assignment_es_deploy_asc_monitoring.tmpl.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_assignment_es_deploy_asc_monitoring.tmpl.json
rename to modules/archetypes/lib/policy_assignments/policy_assignment_es_deploy_asc_monitoring.tmpl.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_assignment_es_deploy_asc_standard.tmpl.json b/modules/archetypes/lib/policy_assignments/policy_assignment_es_deploy_asc_standard.tmpl.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_assignment_es_deploy_asc_standard.tmpl.json
rename to modules/archetypes/lib/policy_assignments/policy_assignment_es_deploy_asc_standard.tmpl.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_assignment_es_deploy_diag_activitylog.tmpl.json b/modules/archetypes/lib/policy_assignments/policy_assignment_es_deploy_diag_activitylog.tmpl.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_assignment_es_deploy_diag_activitylog.tmpl.json
rename to modules/archetypes/lib/policy_assignments/policy_assignment_es_deploy_diag_activitylog.tmpl.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_assignment_es_deploy_diag_loganalytics.tmpl.json b/modules/archetypes/lib/policy_assignments/policy_assignment_es_deploy_diag_loganalytics.tmpl.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_assignment_es_deploy_diag_loganalytics.tmpl.json
rename to modules/archetypes/lib/policy_assignments/policy_assignment_es_deploy_diag_loganalytics.tmpl.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_assignment_es_deploy_vm_monitoring.tmpl.json b/modules/archetypes/lib/policy_assignments/policy_assignment_es_deploy_vm_monitoring.tmpl.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_assignment_es_deploy_vm_monitoring.tmpl.json
rename to modules/archetypes/lib/policy_assignments/policy_assignment_es_deploy_vm_monitoring.tmpl.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_append_kv_softdelete.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_append_kv_softdelete.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_append_kv_softdelete.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_append_kv_softdelete.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deny_aa_child_resources.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_aa_child_resources.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deny_aa_child_resources.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deny_aa_child_resources.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deny_appgw_without_waf.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_appgw_without_waf.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deny_appgw_without_waf.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deny_appgw_without_waf.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deny_erpeering.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_erpeering.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deny_erpeering.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deny_erpeering.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deny_private_dns_zones.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_private_dns_zones.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deny_private_dns_zones.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deny_private_dns_zones.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deny_publicendpoint_aks.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_publicendpoint_aks.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deny_publicendpoint_aks.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deny_publicendpoint_aks.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deny_publicendpoint_cosmosdb.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_publicendpoint_cosmosdb.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deny_publicendpoint_cosmosdb.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deny_publicendpoint_cosmosdb.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deny_publicendpoint_keyvault.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_publicendpoint_keyvault.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deny_publicendpoint_keyvault.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deny_publicendpoint_keyvault.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deny_publicendpoint_mariadb.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_publicendpoint_mariadb.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deny_publicendpoint_mariadb.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deny_publicendpoint_mariadb.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deny_publicendpoint_mysql.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_publicendpoint_mysql.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deny_publicendpoint_mysql.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deny_publicendpoint_mysql.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deny_publicendpoint_postgresql.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_publicendpoint_postgresql.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deny_publicendpoint_postgresql.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deny_publicendpoint_postgresql.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deny_publicendpoint_sql.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_publicendpoint_sql.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deny_publicendpoint_sql.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deny_publicendpoint_sql.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deny_publicendpoint_storage.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_publicendpoint_storage.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deny_publicendpoint_storage.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deny_publicendpoint_storage.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deny_publicip.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_publicip.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deny_publicip.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deny_publicip.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deny_subnet_without_nsg.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_subnet_without_nsg.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deny_subnet_without_nsg.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deny_subnet_without_nsg.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deny_subnet_without_udr.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_subnet_without_udr.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deny_subnet_without_udr.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deny_subnet_without_udr.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_asc_ce.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_asc_ce.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_asc_ce.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_asc_ce.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_asc_standard.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_asc_standard.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_asc_standard.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_asc_standard.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_azurebackup_on_vm.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_azurebackup_on_vm.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_azurebackup_on_vm.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_azurebackup_on_vm.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_ddosprotection.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_ddosprotection.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_ddosprotection.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_ddosprotection.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_aa.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_aa.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_aa.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_aa.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_aci.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_aci.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_aci.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_aci.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_acr.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_acr.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_acr.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_acr.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_activitylog.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_activitylog.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_activitylog.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_activitylog.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_aks.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_aks.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_aks.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_aks.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_analysisservice.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_analysisservice.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_analysisservice.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_analysisservice.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_apimgmt.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_apimgmt.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_apimgmt.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_apimgmt.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_applicationgateway.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_applicationgateway.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_applicationgateway.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_applicationgateway.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_batch.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_batch.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_batch.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_batch.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_cdnendpoints.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_cdnendpoints.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_cdnendpoints.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_cdnendpoints.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_cognitiveservices.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_cognitiveservices.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_cognitiveservices.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_cognitiveservices.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_cosmosdb.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_cosmosdb.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_cosmosdb.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_cosmosdb.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_datafactory.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_datafactory.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_datafactory.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_datafactory.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_datalakestore.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_datalakestore.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_datalakestore.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_datalakestore.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_dlanalytics.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_dlanalytics.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_dlanalytics.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_dlanalytics.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_eventgridsub.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_eventgridsub.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_eventgridsub.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_eventgridsub.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_eventgridtopic.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_eventgridtopic.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_eventgridtopic.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_eventgridtopic.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_eventhub.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_eventhub.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_eventhub.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_eventhub.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_expressroute.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_expressroute.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_expressroute.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_expressroute.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_firewall.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_firewall.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_firewall.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_firewall.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_hdinsight.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_hdinsight.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_hdinsight.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_hdinsight.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_iothub.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_iothub.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_iothub.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_iothub.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_keyvault.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_keyvault.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_keyvault.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_keyvault.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_loadbalancer.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_loadbalancer.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_loadbalancer.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_loadbalancer.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_logicappsise.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_logicappsise.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_logicappsise.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_logicappsise.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_logicappswf.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_logicappswf.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_logicappswf.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_logicappswf.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_mlworkspace.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_mlworkspace.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_mlworkspace.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_mlworkspace.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_mysql.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_mysql.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_mysql.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_mysql.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_networksecuritygroups.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_networksecuritygroups.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_networksecuritygroups.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_networksecuritygroups.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_nic.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_nic.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_nic.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_nic.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_postgresql.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_postgresql.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_postgresql.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_postgresql.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_powerbiembedded.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_powerbiembedded.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_powerbiembedded.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_powerbiembedded.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_publicip.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_publicip.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_publicip.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_publicip.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_recoveryvault.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_recoveryvault.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_recoveryvault.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_recoveryvault.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_rediscache.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_rediscache.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_rediscache.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_rediscache.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_relay.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_relay.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_relay.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_relay.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_searchservices.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_searchservices.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_searchservices.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_searchservices.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_servicebus.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_servicebus.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_servicebus.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_servicebus.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_signalr.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_signalr.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_signalr.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_signalr.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_sqldbs.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_sqldbs.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_sqldbs.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_sqldbs.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_sqlelasticpools.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_sqlelasticpools.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_sqlelasticpools.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_sqlelasticpools.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_sqlmi.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_sqlmi.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_sqlmi.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_sqlmi.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_streamanalytics.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_streamanalytics.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_streamanalytics.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_streamanalytics.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_timeseriesinsights.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_timeseriesinsights.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_timeseriesinsights.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_timeseriesinsights.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_trafficmanager.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_trafficmanager.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_trafficmanager.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_trafficmanager.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_virtualnetwork.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_virtualnetwork.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_virtualnetwork.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_virtualnetwork.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_vm.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_vm.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_vm.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_vm.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_vmss.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_vmss.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_vmss.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_vmss.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_vnetgw.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_vnetgw.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_vnetgw.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_vnetgw.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_webserverfarm.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_webserverfarm.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_webserverfarm.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_webserverfarm.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_website.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_website.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_diagnostics_website.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_diagnostics_website.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_dnszonegroup_for_blob_privateendpoint.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_dnszonegroup_for_blob_privateendpoint.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_dnszonegroup_for_blob_privateendpoint.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_dnszonegroup_for_blob_privateendpoint.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_dnszonegroup_for_file_privateendpoint.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_dnszonegroup_for_file_privateendpoint.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_dnszonegroup_for_file_privateendpoint.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_dnszonegroup_for_file_privateendpoint.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_dnszonegroup_for_keyvault_privateendpoint.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_dnszonegroup_for_keyvault_privateendpoint.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_dnszonegroup_for_keyvault_privateendpoint.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_dnszonegroup_for_keyvault_privateendpoint.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_dnszonegroup_for_queue_privateendpoint.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_dnszonegroup_for_queue_privateendpoint.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_dnszonegroup_for_queue_privateendpoint.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_dnszonegroup_for_queue_privateendpoint.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_dnszonegroup_for_sql_privateendpoint.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_dnszonegroup_for_sql_privateendpoint.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_dnszonegroup_for_sql_privateendpoint.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_dnszonegroup_for_sql_privateendpoint.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_dnszonegroup_for_table_privateendpoint.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_dnszonegroup_for_table_privateendpoint.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_dnszonegroup_for_table_privateendpoint.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_dnszonegroup_for_table_privateendpoint.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_firewallpolicy.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_firewallpolicy.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_firewallpolicy.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_firewallpolicy.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_hub.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_hub.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_hub.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_hub.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_la_config.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_la_config.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_la_config.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_la_config.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_log_analytics.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_log_analytics.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_log_analytics.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_log_analytics.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_nsg_flowlogs.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_nsg_flowlogs.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_nsg_flowlogs.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_nsg_flowlogs.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_sql_auditingsettings.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_sql_auditingsettings.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_sql_auditingsettings.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_sql_auditingsettings.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_sql_securityalertpolicies.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_sql_securityalertpolicies.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_sql_securityalertpolicies.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_sql_securityalertpolicies.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_sql_tde.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_sql_tde.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_sql_tde.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_sql_tde.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_sql_vulnerabilityassessments.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_sql_vulnerabilityassessments.json
similarity index 97%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_sql_vulnerabilityassessments.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_sql_vulnerabilityassessments.json
index 79b8ab622..07c839c64 100644
--- a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_sql_vulnerabilityassessments.json
+++ b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_sql_vulnerabilityassessments.json
@@ -1,10 +1,10 @@
 {
- "name": "ES-Deploy-Sql-vulnerabilityAssessments",
+ "name": "ES-Deploy-Sql-VulnerabilityAssessments",
 "type": "Microsoft.Authorization/policyDefinitions",
 "apiVersion": "2019-09-01",
 "properties": {
 "description": "Configures SQL DataBases",
- "displayName": "ES-Deploy-Sql-vulnerabilityAssessments",
+ "displayName": "ES-Deploy-Sql-VulnerabilityAssessments",
 "mode": "All",
 "parameters": {
 "vulnerabilityAssessmentsEmail": {
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_vhub.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_vhub.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_vhub.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_vhub.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_vnet.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_vnet.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_vnet.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_vnet.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_vwan.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_vwan.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_vwan.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_vwan.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_windows_domainjoin.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_windows_domainjoin.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_definition_es_deploy_windows_domainjoin.json
rename to modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_windows_domainjoin.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_set_definition_es_deny_publicendpoints.tmpl.json b/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_deny_publicendpoints.tmpl.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_set_definition_es_deny_publicendpoints.tmpl.json
rename to modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_deny_publicendpoints.tmpl.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_set_definition_es_deploy_diagnositcs_loganalytics.tmpl.json b/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_deploy_diagnositcs_loganalytics.tmpl.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_set_definition_es_deploy_diagnositcs_loganalytics.tmpl.json
rename to modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_deploy_diagnositcs_loganalytics.tmpl.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_set_definition_es_deploy_sql_security.tmpl.json b/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_deploy_sql_security.tmpl.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/policy_set_definition_es_deploy_sql_security.tmpl.json
rename to modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_deploy_sql_security.tmpl.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/role_definition_es_network_subnet_contributor.json b/modules/archetypes/lib/role_definitions/role_definition_es_network_subnet_contributor.json
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/lib/role_definition_es_network_subnet_contributor.json
rename to modules/archetypes/lib/role_definitions/role_definition_es_network_subnet_contributor.json
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/locals.archetype_definitions.tf b/modules/archetypes/locals.archetype_definitions.tf
similarity index 91%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/locals.archetype_definitions.tf
rename to modules/archetypes/locals.archetype_definitions.tf
index ecd86b4ec..0c5fc8aed 100644
--- a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/locals.archetype_definitions.tf
+++ b/modules/archetypes/locals.archetype_definitions.tf @@ -1,13 +1,13 @@ # Load the built-in archetype definitions from the internal library path locals { - builtin_archetype_definitions_json = tolist(fileset(local.builtin_library_path, "**archetype_definition_*.json")) - builtin_archetype_definitions_yaml = tolist(fileset(local.builtin_library_path, "**archetype_definition_*.{yml,yaml}")) + builtin_archetype_definitions_json = tolist(fileset(local.builtin_library_path, "**/archetype_definition_*.json")) + builtin_archetype_definitions_yaml = tolist(fileset(local.builtin_library_path, "**/archetype_definition_*.{yml,yaml}")) } # Load the custom archetype definitions from the custom library path if specified locals { - custom_archetype_definitions_json = local.custom_library_path_specified ? tolist(fileset(local.custom_library_path, "**archetype_definition_*.json")) : [] - custom_archetype_definitions_yaml = local.custom_library_path_specified ? tolist(fileset(local.custom_library_path, "**archetype_definition_*.{yml,yaml}")) : [] + custom_archetype_definitions_json = local.custom_library_path_specified ? tolist(fileset(local.custom_library_path, "**/archetype_definition_*.json")) : [] + custom_archetype_definitions_yaml = local.custom_library_path_specified ? tolist(fileset(local.custom_library_path, "**/archetype_definition_*.{yml,yaml}")) : [] } # Create datasets containing all built-in and custom archetype definitions from each source and file type diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/locals.policy_assignments.tf b/modules/archetypes/locals.policy_assignments.tf similarity index 86% rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/locals.policy_assignments.tf rename to modules/archetypes/locals.policy_assignments.tf index 5584636a7..0191117e5 100644 --- a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/locals.policy_assignments.tf +++ b/modules/archetypes/locals.policy_assignments.tf 
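Review bot: The new `**/archetype_definition_*.json` patterns make library discovery recursive, and nothing in the comments above the two `locals` blocks says so. As far as I can tell from `fileset` glob semantics, every matching file in any subdirectory of `custom_library_path` is now loaded, and a file whose name only contains `archetype_definition_` after some prefix no longer matches. I would extend the comment to something like `# Searches the library path recursively; file names must start with "archetype_definition_"`, so that stray copies in nested folders are not deployed unnoticed. The same applies to the `policy_assignment_`, `policy_definition_`, `policy_set_definition_` and `role_definition_` patterns in the later hunks of this commit, where an unexpected match ends up as a policy or custom role in the tenant.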
@@ -9,10 +9,10 @@ locals { # If Policy Assignments are specified in the archetype definition, generate a list of all Policy Assignment files from the built-in and custom library locations locals { - builtin_policy_assignments_from_json = local.archetype_policy_assignments_specified ? tolist(fileset(local.builtin_library_path, "**policy_assignment_*.json")) : null - builtin_policy_assignments_from_yaml = local.archetype_policy_assignments_specified ? tolist(fileset(local.builtin_library_path, "**policy_assignment_*.{yml,yaml}")) : null - custom_policy_assignments_from_json = local.archetype_policy_assignments_specified && local.custom_library_path_specified ? tolist(fileset(local.custom_library_path, "**policy_assignment_*.json")) : null - custom_policy_assignments_from_yaml = local.archetype_policy_assignments_specified && local.custom_library_path_specified ? tolist(fileset(local.custom_library_path, "**policy_assignment_*.{yml,yaml}")) : null + builtin_policy_assignments_from_json = local.archetype_policy_assignments_specified ? tolist(fileset(local.builtin_library_path, "**/policy_assignment_*.json")) : null + builtin_policy_assignments_from_yaml = local.archetype_policy_assignments_specified ? tolist(fileset(local.builtin_library_path, "**/policy_assignment_*.{yml,yaml}")) : null + custom_policy_assignments_from_json = local.archetype_policy_assignments_specified && local.custom_library_path_specified ? tolist(fileset(local.custom_library_path, "**/policy_assignment_*.json")) : null + custom_policy_assignments_from_yaml = local.archetype_policy_assignments_specified && local.custom_library_path_specified ? tolist(fileset(local.custom_library_path, "**/policy_assignment_*.{yml,yaml}")) : null } # If Policy Assignment files exist, load content into dataset 
@@ -98,7 +98,15 @@ locals { parameters = contains(keys(local.parameters_at_scope), policy_assignment) ? { for parameter_key, parameter_value in local.parameters_at_scope[policy_assignment] : parameter_key => { - value = parameter_value + # Due to object type limitations in Go, we can only support + # a single object type in the input parameter for parameters. + # To support processing parameters with different object + # types we've added support for converting the input value + # from JSON but can fallback to the raw value if that fails. + # This provides backwards compatibility for existing + # deployments, but also makes it easier to compose the input + # object if only one parameter value type is needed. + value = try(jsondecode(parameter_value), parameter_value) } } : null } diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/locals.policy_definitions.tf b/modules/archetypes/locals.policy_definitions.tf similarity index 85% rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/locals.policy_definitions.tf rename to modules/archetypes/locals.policy_definitions.tf index d914eceab..6490f82f8 100644 --- a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/locals.policy_definitions.tf +++ b/modules/archetypes/locals.policy_definitions.tf 
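Review bot: `try(jsondecode(parameter_value), parameter_value)` also decodes plain strings that happen to be valid JSON, which the added comment does not mention. A String parameter supplied as `"true"`, `"123"` or `"null"` would reach the Policy Assignment as a bool, a number or null instead of the original text, so an assignment could fail or take a different value than intended. I would add to the comment `# NOTE: values that parse as JSON scalars are decoded too; pass jsonencode("123") to keep a string`, or restrict decoding to values that start with `{` or `[`. The `parameters` expression this line sits in starts and ends outside the hunk.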
@@ -9,29 +9,29 @@ locals { # If Policy Definitions are specified in the archetype definition, generate a list of all Policy Definition files from the built-in and custom library locations locals { - builtin_policy_definitions_from_json = local.archetype_policy_definitions_specified ? tolist(fileset(local.builtin_library_path, "**policy_definition_*.json")) : null - builtin_policy_definitions_from_yaml = local.archetype_policy_definitions_specified ? tolist(fileset(local.builtin_library_path, "**policy_definition_*.{yml,yaml}")) : null - custom_policy_definitions_from_json = local.archetype_policy_definitions_specified && local.custom_library_path_specified ? tolist(fileset(local.custom_library_path, "**policy_definition_*.json")) : null - custom_policy_definitions_from_yaml = local.archetype_policy_definitions_specified && local.custom_library_path_specified ? tolist(fileset(local.custom_library_path, "**policy_definition_*.{yml,yaml}")) : null + builtin_policy_definitions_from_json = local.archetype_policy_definitions_specified ? tolist(fileset(local.builtin_library_path, "**/policy_definition_*.json")) : null + builtin_policy_definitions_from_yaml = local.archetype_policy_definitions_specified ? tolist(fileset(local.builtin_library_path, "**/policy_definition_*.{yml,yaml}")) : null + custom_policy_definitions_from_json = local.archetype_policy_definitions_specified && local.custom_library_path_specified ? tolist(fileset(local.custom_library_path, "**/policy_definition_*.json")) : null + custom_policy_definitions_from_yaml = local.archetype_policy_definitions_specified && local.custom_library_path_specified ? tolist(fileset(local.custom_library_path, "**/policy_definition_*.{yml,yaml}")) : null } # If Policy Definition files exist, load content into dataset locals { builtin_policy_definitions_dataset_from_json = try(length(local.builtin_policy_definitions_from_json) > 0, false) ? 
{ for filepath in local.builtin_policy_definitions_from_json : - filepath => jsondecode(file("${local.builtin_library_path}/${filepath}")) + filepath => jsondecode(templatefile("${local.builtin_library_path}/${filepath}", local.template_file_vars)) } : null builtin_policy_definitions_dataset_from_yaml = try(length(local.builtin_policy_definitions_from_yaml) > 0, false) ? { for filepath in local.builtin_policy_definitions_from_yaml : - filepath => yamldecode(file("${local.builtin_library_path}/${filepath}")) + filepath => yamldecode(templatefile("${local.builtin_library_path}/${filepath}", local.template_file_vars)) } : null custom_policy_definitions_dataset_from_json = try(length(local.custom_policy_definitions_from_json) > 0, false) ? { for filepath in local.custom_policy_definitions_from_json : - filepath => jsondecode(file("${local.custom_library_path}/${filepath}")) + filepath => jsondecode(templatefile("${local.custom_library_path}/${filepath}", local.template_file_vars)) } : null custom_policy_definitions_dataset_from_yaml = try(length(local.custom_policy_definitions_from_yaml) > 0, false) ? { for filepath in local.custom_policy_definitions_from_yaml : - filepath => yamldecode(file("${local.custom_library_path}/${filepath}")) + filepath => yamldecode(templatefile("${local.custom_library_path}/${filepath}", local.template_file_vars)) } : null } diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/locals.policy_set_definitions.tf b/modules/archetypes/locals.policy_set_definitions.tf similarity index 94% rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/locals.policy_set_definitions.tf rename to modules/archetypes/locals.policy_set_definitions.tf index 5e5ba22ef..5f5fed193 100644 --- a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/locals.policy_set_definitions.tf +++ b/modules/archetypes/locals.policy_set_definitions.tf 
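Review bot: Switching `file(...)` to `templatefile(..., local.template_file_vars)` means every policy definition file, including those under `custom_library_path`, is now parsed as a Terraform template, and the `# If Policy Definition files exist, load content into dataset` comment does not say so. Any literal `${` or `%{` in an existing definition will be interpreted (it has to be written `$${` / `%%{`), and a reference to a name missing from `local.template_file_vars` (defined outside this hunk) fails the plan. Templates can also call Terraform functions, so files in the custom library should be reviewed like module code rather than as inert data. I would change the comment to `# If Policy Definition files exist, render each as a template (escape literal "${" as "$${") and load content into dataset`. The role definition hunk later in this commit makes the same change.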
@@ -9,10 +9,10 @@ locals { # If Policy Set Definitions are specified in the archetype definition, generate a list of all Policy Set Definition files from the built-in and custom library locations locals { - builtin_policy_set_definitions_from_json = local.archetype_policy_set_definitions_specified ? tolist(fileset(local.builtin_library_path, "**policy_set_definition_*.json")) : null - builtin_policy_set_definitions_from_yaml = local.archetype_policy_set_definitions_specified ? tolist(fileset(local.builtin_library_path, "**policy_set_definition_*.{yml,yaml}")) : null - custom_policy_set_definitions_from_json = local.archetype_policy_set_definitions_specified && local.custom_library_path_specified ? tolist(fileset(local.custom_library_path, "**policy_set_definition_*.json")) : null - custom_policy_set_definitions_from_yaml = local.archetype_policy_set_definitions_specified && local.custom_library_path_specified ? tolist(fileset(local.custom_library_path, "**policy_set_definition_*.{yml,yaml}")) : null + builtin_policy_set_definitions_from_json = local.archetype_policy_set_definitions_specified ? tolist(fileset(local.builtin_library_path, "**/policy_set_definition_*.json")) : null + builtin_policy_set_definitions_from_yaml = local.archetype_policy_set_definitions_specified ? tolist(fileset(local.builtin_library_path, "**/policy_set_definition_*.{yml,yaml}")) : null + custom_policy_set_definitions_from_json = local.archetype_policy_set_definitions_specified && local.custom_library_path_specified ? tolist(fileset(local.custom_library_path, "**/policy_set_definition_*.json")) : null + custom_policy_set_definitions_from_yaml = local.archetype_policy_set_definitions_specified && local.custom_library_path_specified ? tolist(fileset(local.custom_library_path, "**/policy_set_definition_*.{yml,yaml}")) : null } # If Policy Set Definition files exist, load content into dataset 
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/locals.role_assignments.tf b/modules/archetypes/locals.role_assignments.tf
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/locals.role_assignments.tf
rename to modules/archetypes/locals.role_assignments.tf
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/locals.role_definitions.tf b/modules/archetypes/locals.role_definitions.tf
similarity index 88%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/locals.role_definitions.tf
rename to modules/archetypes/locals.role_definitions.tf
index 753e2c849..d92c35a15 100644
--- a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/locals.role_definitions.tf
+++ b/modules/archetypes/locals.role_definitions.tf
@@ -9,29 +9,29 @@ locals { # If Role Definitions are specified in the archetype definition, generate a list of all Role Definition files from the built-in and custom library locations locals { - builtin_role_definitions_from_json = local.archetype_role_definitions_specified ? tolist(fileset(local.builtin_library_path, "**role_definition_*.json")) : null - builtin_role_definitions_from_yaml = local.archetype_role_definitions_specified ? tolist(fileset(local.builtin_library_path, "**role_definition_*.{yml,yaml}")) : null - custom_role_definitions_from_json = local.archetype_role_definitions_specified && local.custom_library_path_specified ? tolist(fileset(local.custom_library_path, "**role_definition_*.json")) : null - custom_role_definitions_from_yaml = local.archetype_role_definitions_specified && local.custom_library_path_specified ? tolist(fileset(local.custom_library_path, "**role_definition_*.{yml,yaml}")) : null + builtin_role_definitions_from_json = local.archetype_role_definitions_specified ? tolist(fileset(local.builtin_library_path, "**/role_definition_*.json")) : null + builtin_role_definitions_from_yaml = local.archetype_role_definitions_specified ? tolist(fileset(local.builtin_library_path, "**/role_definition_*.{yml,yaml}")) : null + custom_role_definitions_from_json = local.archetype_role_definitions_specified && local.custom_library_path_specified ? tolist(fileset(local.custom_library_path, "**/role_definition_*.json")) : null + custom_role_definitions_from_yaml = local.archetype_role_definitions_specified && local.custom_library_path_specified ? tolist(fileset(local.custom_library_path, "**/role_definition_*.{yml,yaml}")) : null } # If Role Definition files exist, load content into dataset locals { builtin_role_definitions_dataset_from_json = try(length(local.builtin_role_definitions_from_json) > 0, false) ? 
{ for filepath in local.builtin_role_definitions_from_json : - filepath => jsondecode(file("${local.builtin_library_path}/${filepath}")) + filepath => jsondecode(templatefile("${local.builtin_library_path}/${filepath}", local.template_file_vars)) } : null builtin_role_definitions_dataset_from_yaml = try(length(local.builtin_role_definitions_from_yaml) > 0, false) ? { for filepath in local.builtin_role_definitions_from_yaml : - filepath => yamldecode(file("${local.builtin_library_path}/${filepath}")) + filepath => yamldecode(templatefile("${local.builtin_library_path}/${filepath}", local.template_file_vars)) } : null custom_role_definitions_dataset_from_json = try(length(local.custom_role_definitions_from_json) > 0, false) ? { for filepath in local.custom_role_definitions_from_json : - filepath => jsondecode(file("${local.custom_library_path}/${filepath}")) + filepath => jsondecode(templatefile("${local.custom_library_path}/${filepath}", local.template_file_vars)) } : null custom_role_definitions_dataset_from_yaml = try(length(local.custom_role_definitions_from_yaml) > 0, false) ? { for filepath in local.custom_role_definitions_from_yaml : - filepath => yamldecode(file("${local.custom_library_path}/${filepath}")) + filepath => yamldecode(templatefile("${local.custom_library_path}/${filepath}", local.template_file_vars)) } : null } diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/locals.tf b/modules/archetypes/locals.tf similarity index 100% rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/locals.tf rename to modules/archetypes/locals.tf diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/main.tf b/modules/archetypes/main.tf similarity index 100% rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/main.tf rename to modules/archetypes/main.tf 
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/outputs.tf b/modules/archetypes/outputs.tf
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/outputs.tf
rename to modules/archetypes/outputs.tf
diff --git a/modules/terraform-azurerm-caf-enterprise-scale-archetypes/variables.tf b/modules/archetypes/variables.tf
similarity index 100%
rename from modules/terraform-azurerm-caf-enterprise-scale-archetypes/variables.tf
rename to modules/archetypes/variables.tf
diff --git a/outputs.management_groups.tf b/outputs.management_groups.tf
deleted file mode 100644
index 0c0e1b9d7..000000000
--- a/outputs.management_groups.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-# The following output is used to reconcile the multi-level
-# Management Group deployments into a single data object to
-# simplify consumption of configuration data from this group
-# of resources.
-output "azurerm_management_group" {
- value = {
- enterprise_scale = local.es_management_group_output
- }
- description = "Returns the configuration data for all Management Groups created by this module."
-}
diff --git a/outputs.policy_assignments.tf b/outputs.policy_assignments.tf
deleted file mode 100644
index b5e76f3d2..000000000
--- a/outputs.policy_assignments.tf
+++ /dev/null
@@ -1,8 +0,0 @@
-# The following output is used to ensure all Policy
-# Assignment data is returned to the root module.
-output "azurerm_policy_assignment" {
- value = {
- enterprise_scale = azurerm_policy_assignment.enterprise_scale
- }
- description = "Returns the configuration data for all Policy Assignments created by this module."
-}
diff --git a/outputs.policy_definitions.tf b/outputs.policy_definitions.tf
deleted file mode 100644
index b06f3837b..000000000
--- a/outputs.policy_definitions.tf
+++ /dev/null
@@ -1,8 +0,0 @@
-# The following output is used to ensure all Policy
-# Definition data is returned to the root module.
-output "azurerm_policy_definition" {
- value = {
- enterprise_scale = azurerm_policy_definition.enterprise_scale
- }
- description = "Returns the configuration data for all Policy Definitions created by this module."
-}
diff --git a/outputs.policy_set_definitions.tf b/outputs.policy_set_definitions.tf
deleted file mode 100644
index 92a52c38a..000000000
--- a/outputs.policy_set_definitions.tf
+++ /dev/null
@@ -1,8 +0,0 @@
-# The following output is used to ensure all Policy Set
-# Definition data is returned to the root module.
-output "azurerm_policy_set_definition" {
- value = {
- enterprise_scale = azurerm_policy_set_definition.enterprise_scale
- }
- description = "Returns the configuration data for all Policy Set Definitions created by this module."
-}
diff --git a/outputs.role_assignments.tf b/outputs.role_assignments.tf
deleted file mode 100644
index d0ebaa6eb..000000000
--- a/outputs.role_assignments.tf
+++ /dev/null
@@ -1,8 +0,0 @@
-# The following output is used to ensure all Role
-# Assignment data is returned to the root module.
-output "azurerm_role_assignment" {
- value = {
- enterprise_scale = azurerm_role_assignment.enterprise_scale
- }
- description = "Returns the configuration data for all Role Assignments created by this module."
-}
diff --git a/outputs.role_definitions.tf b/outputs.role_definitions.tf
deleted file mode 100644
index 20fbe494e..000000000
--- a/outputs.role_definitions.tf
+++ /dev/null
@@ -1,8 +0,0 @@
-# The following output is used to ensure all Role
-# Definition data is returned to the root module.
-output "azurerm_role_definition" {
- value = {
- enterprise_scale = azurerm_role_definition.enterprise_scale
- }
- description = "Returns the configuration data for all Role Definitions created by this module."
-}
diff --git a/outputs.tf b/outputs.tf
index 88f05d3ef..1c6cf4b31 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -1 +1,55 @@
-# All outputs are split into dedicated files and arranged by Resource Type
+# The following output is used to reconcile the multi-level
+# Management Group deployments into a single data object to
+# simplify consumption of configuration data from this group
+# of resources.
+output "azurerm_management_group" {
+ value = {
+ enterprise_scale = local.es_management_group_output
+ }
+ description = "Returns the configuration data for all Management Groups created by this module."
+}
+
+# The following output is used to ensure all Policy
+# Definition data is returned to the root module.
+output "azurerm_policy_definition" {
+ value = {
+ enterprise_scale = azurerm_policy_definition.enterprise_scale
+ }
+ description = "Returns the configuration data for all Policy Definitions created by this module."
+}
+
+# The following output is used to ensure all Policy Set
+# Definition data is returned to the root module.
+output "azurerm_policy_set_definition" {
+ value = {
+ enterprise_scale = azurerm_policy_set_definition.enterprise_scale
+ }
+ description = "Returns the configuration data for all Policy Set Definitions created by this module."
+}
+
+# The following output is used to ensure all Policy
+# Assignment data is returned to the root module.
+output "azurerm_policy_assignment" {
+ value = {
+ enterprise_scale = azurerm_policy_assignment.enterprise_scale
+ }
+ description = "Returns the configuration data for all Policy Assignments created by this module."
+}
+
+# The following output is used to ensure all Role
+# Definition data is returned to the root module.
+output "azurerm_role_definition" {
+ value = {
+ enterprise_scale = azurerm_role_definition.enterprise_scale
+ }
+ description = "Returns the configuration data for all Role Definitions created by this module."
+}
+
+# The following output is used to ensure all Role
+# Assignment data is returned to the root module.
+output "azurerm_role_assignment" { + value = { + enterprise_scale = azurerm_role_assignment.enterprise_scale + } + description = "Returns the configuration data for all Role Assignments created by this module." +} diff --git a/resources.role_assignments.tf b/resources.role_assignments.tf index c3b1cede9..7ab7a4b41 100644 --- a/resources.role_assignments.tf +++ b/resources.role_assignments.tf @@ -10,11 +10,11 @@ resource "azurerm_role_assignment" "enterprise_scale" { principal_id = each.value.principal_id # Optional attributes - role_definition_name = try(length(each.value.role_definition_name) > 0, false) ? each.value.role_definition_name : null - role_definition_id = null // Not currently used - skip_service_principal_aad_check = null // Not currently used + role_definition_name = try(each.value.role_definition_name, null) + role_definition_id = try(each.value.role_definition_id, null) + skip_service_principal_aad_check = try(each.value.skip_service_principal_aad_check, null) - # Set explicit dependency on Management Group and Role Definition deployments + # Set explicit dependency on Management Group, Policy, and Role Definition deployments depends_on = [ azurerm_management_group.level_1, azurerm_management_group.level_2, @@ -22,6 +22,9 @@ resource "azurerm_role_assignment" "enterprise_scale" { azurerm_management_group.level_4, azurerm_management_group.level_5, azurerm_management_group.level_6, + azurerm_policy_definition.enterprise_scale, + azurerm_policy_set_definition.enterprise_scale, + azurerm_policy_assignment.enterprise_scale, azurerm_role_definition.enterprise_scale, ]
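Review bot: In the first hunk of `resources.role_assignments.tf`, `role_definition_name = try(each.value.role_definition_name, null)` drops the old `length(...) > 0` guard, so an empty string is now passed to the provider instead of null. `role_definition_id` is populated the same way, and as far as I know the provider accepts only one of the two, so an entry carrying both (or an empty name next to an id) would fail at apply time. I would keep the guard on the name, `role_definition_name = try(length(each.value.role_definition_name) > 0, false) ? each.value.role_definition_name : null`, and add a comment that exactly one of the two must be set per entry. The resource block starts before this hunk and appears to continue past the visible end of the diff.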